gitlab.find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1
A HostnameVerifier whose verify() always returns true, or an X509TrustManager whose checkClientTrusted/checkServerTrusted bodies are empty and whose getAcceptedIssuers() returns null, is usually added to work around a certificate that is reused across many hosts or that was issued by a private CA the JDK does not trust. Either one disables a part of TLS validation and leaves the client open to man-in-the-middle attacks: the all-accepting verifier lets a certificate valid for some other name be presented for this host, and the empty trust manager accepts any certificate at all, so an attacker on the network path can impersonate the server. The fix is to correct the certificate (Subject Alternative Names that cover every host it serves) or to trust the issuing CA through a trust store, not to turn validation off.
Definition
rules:
  - id: find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1
    patterns:
      - pattern-either:
          - patterns:
              - pattern-inside: |
                  class $V implements HostnameVerifier {
                    ...
                  }
              - pattern-inside: |
                  public boolean verify(...) {
                    ...
                  }
              - pattern: return true;
          - patterns:
              - pattern-inside: |
                  class $V implements X509TrustManager {
                    ...
                  }
              - pattern-either:
                  - pattern: public void checkClientTrusted(...) {}
                  - pattern: public void checkServerTrusted(...) {}
                  - pattern: |
                      public X509Certificate[] getAcceptedIssuers() {
                        ...
                        return null;
                      }
    languages:
      - java
    message: >
      A HostnameVerifier that accepts any host, or an X509TrustManager that
      accepts any certificate chain, is often used because a certificate is
      reused on many hosts or was issued by a private CA. Either one leaves the
      client vulnerable to man-in-the-middle attacks, since it will accept a
      certificate presented by any server.
    metadata:
      category: security
      cwe: "CWE-295: Improper Certificate Validation"
      primary_identifier: find_sec_bugs.WEAK_HOSTNAME_VERIFIER-1.WEAK_TRUST_MANAGER-1
      secondary_identifiers:
        - name: Find Security Bugs-WEAK_HOSTNAME_VERIFIER
          type: find_sec_bugs_type
          value: WEAK_HOSTNAME_VERIFIER
        - name: Find Security Bugs-WEAK_TRUST_MANAGER
          type: find_sec_bugs_type
          value: WEAK_TRUST_MANAGER
    license: MIT
    severity: WARNING
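As an added illustration (not part of the rule, the GitLab ruleset, or the Find Security Bugs project), the Java file below shows the two shapes the rule matches next to the fix for the situation that usually motivates them: a server certificate issued by an internal CA. The class names, the CA file path and the URL are assumptions made for the example; the JDK APIs used are standard.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URI;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// --- Flagged by the rule (WEAK_HOSTNAME_VERIFIER) ---
// verify() unconditionally returns true, so a certificate issued for
// attacker.example is accepted when the client connects to api.example.
class AcceptAnyHost implements HostnameVerifier {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
}

// --- Flagged by the rule (WEAK_TRUST_MANAGER) ---
// Empty check methods and a null issuer list: no chain is ever rejected,
// so even a self-signed certificate forged on the spot is accepted.
class TrustEveryCert implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) {}

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) {}

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }
}

// --- The fix for the "internal CA / self-signed" case ---
// Trust exactly the private CA that issued the server certificates and keep
// the JDK's default hostname verifier, which checks the URL host against
// the certificate's Subject Alternative Names. (Example class; not from
// the original page.)
public final class PrivateCaClient {

    // caCert: the internal CA certificate, PEM or DER encoded.
    static SSLContext contextTrustingOnly(InputStream caCert) throws Exception {
        X509Certificate ca = (X509Certificate) CertificateFactory
                .getInstance("X.509").generateCertificate(caCert);

        // A fresh in-memory trust store that holds just that CA, so the
        // public roots are NOT trusted for this client either.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("internal-ca", ca);

        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Usage (paths/URL are example values):
        //   java PrivateCaClient internal-ca.pem https://api.internal.example/health
        try (InputStream caCert = new FileInputStream(args[0])) {
            SSLContext ctx = contextTrustingOnly(caCert);
            HttpsURLConnection conn = (HttpsURLConnection)
                    URI.create(args[1]).toURL().openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            // Deliberately no setHostnameVerifier(...): the default verifier
            // rejects a certificate whose SAN does not cover the URL host.
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

Two things to keep in mind when triaging hits. The `return true;` pattern matches any such statement inside `verify(...)`, including one reached only after a real comparison, so a verifier that does its own checking can also trigger the rule; review those findings rather than excluding the file. Conversely, every pattern here is anchored on a `class $V implements ...` declaration, so a lambda such as `(host, session) -> true` passed to `setHostnameVerifier` is outside what these patterns describe and should be looked for separately.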
Short Link: https://sg.run/Jw5Z