14 matches found
Fortinet Fortigate Missing certificate CN/SAN validation leads to information disclosure (FG-IR-21-074)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-21-074 advisory. An improper validation of certificate with host mismatch (CWE-297) vulnerability in FortiOS versions 6.4.6 and below may allo...
CVE-2022-4967
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...
Ubuntu 22.04 LTS : strongSwan vulnerability (USN-6772-1)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6772-1 advisory. Jan Schermer discovered that strongSwan incorrectly validated client certificates in certain configurations. A remote attacker could possibly use this issue to...
CVE-2022-4967
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...
CVE-2022-4967
strongSwan versions 5.9.2 through 5.9.5 are affected by authorization bypass through improper validation of certificate with host mismatch (CWE-297). When certificates are used to authenticate clients in TLS-based EAP methods, the IKE or EAP identity supplied by a client is not enforced to be...
Samsung Email app security patch for CWE-297
Last Modified Date Sep 15, 2023 7:06:21 AM...
GitHub Security Lab: [CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch
This bug was reported directly to GitHub Security Lab...
FortiClientEMS & FortiClient - Telemetry protocol is vulnerable to a MitM Vulnerability
A combination of a use of hard-coded cryptographic key vulnerability (CWE-321) in FortiClientEMS and an improper certificate validation vulnerability (CWE-297) in FortiClientWindows, FortiClientLinux and FortiClientMac may allow an unauthenticated and network-adjacent attacker to perform a...
CVE-2021-41019
CVE-2021-41019 : FortiOS versions 6.4.6 and earlier are affected by an improper validation of certificates with host mismatch (CWE-297). This can allow a connection to a malicious LDAP server via GUI options, leading to disclosure of sensitive information such as AD credentials. The vulnerability...
Protect
An improper validation of certificate with host mismatch (CWE-297) vulnerability in FortiOS may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials...
GitHub Security Lab: Java: CWE-297 Insecure JavaMail SSL configuration
This bug was reported directly to GitHub Security Lab...
GHSA-GW55-JM4H-X339 Improper Validation of Certificate with Host Mismatch in Java-WebSocket
The Java-WebSocket Client does not perform hostname verification. This means that SSL certificates of other hosts are accepted as long as they are trusted. To exploit this vulnerability an attacker has to perform a man-in-the-middle (MITM) attack between a Java application using the Java-WebSocke...
JVN#28845872: Android App "MyPallete" vulnerable to improper server certificate verification
Android App "MyPallete" developed by NTT Data Corporation is used by several financial institutions as Android applications for their customers. "MyPallete" is vulnerable to improper server certificate verification (CWE-295) and to improper host-matching validation (CWE-297). Impact: A man-in-the-midd...
Improper validation of certificates when using self-signed certificates 1.8.2
Platform: Desktop-clients; Versions: 1.8.2; Date: 6/8/2015; Risk level: Medium; CVSS v2 Base Score: 6.1 (AV:N/AC:H/Au:N/C:C/I:P/A:N); CWE: Improper Validation of Certificate with Host Mismatch (CWE-297)...