Failure to check for certificate revocation

Description
If a certificate is used without first checking whether it has been revoked, a certificate that has been compromised may be accepted as valid.

Consequences


 * Authentication: Trust may be assigned to an entity who is not who it claims to be.
 * Integrity: Data from an untrusted (and possibly malicious) source may be integrated.
 * Confidentiality: Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.

Exposure period


 * Design: Checks for certificate revocation should be included in the design of a system.
 * Design: One can choose to use a language which abstracts out this part of authentication and encryption.

Platform


 * Languages: Any language which does not abstract out this part of the process
 * Operating platforms: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.

Severity

Medium

Likelihood of exploit

Medium

The failure to check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.

Examples
In C/C++:

if (!(cert = SSL_get_peer_certificate(ssl)) || !host) ...

The peer certificate is fetched and used with no call to SSL_get_verify_result.
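The corrected counterpart to the pattern above, as an added example that is not part of the original page. It uses Python's ssl module, which wraps OpenSSL, rather than the C API; the helper names and the CA and CRL file parameters are assumptions made for illustration.

```python
import socket
import ssl

X509_V_ERR_UNABLE_TO_GET_CRL = 3   # OpenSSL verify result codes
X509_V_ERR_CERT_REVOKED = 23


def revocation_checking_context(ca_file=None, crl_file=None, whole_chain=False):
    """Client context that also checks revocation (hypothetical helper)."""
    # create_default_context() enables chain and host name validation
    # (CERT_REQUIRED, check_hostname) but leaves CRL checking off.
    ctx = ssl.create_default_context(cafile=ca_file)
    if crl_file is not None:
        # A PEM CRL is loaded into the same store as the CA certificates.
        ctx.load_verify_locations(cafile=crl_file)
    # LEAF is OpenSSL's X509_V_FLAG_CRL_CHECK; CHAIN adds X509_V_FLAG_CRL_CHECK_ALL.
    ctx.verify_flags |= (ssl.VERIFY_CRL_CHECK_CHAIN if whole_chain
                         else ssl.VERIFY_CRL_CHECK_LEAF)
    return ctx


def connect_checked(host, port, ctx, timeout=5.0):
    """Return (True, tls_version) or (False, reason); never proceeds on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == X509_V_ERR_CERT_REVOKED:
            return False, "peer certificate is revoked"
        if exc.verify_code == X509_V_ERR_UNABLE_TO_GET_CRL:
            return False, "no CRL loaded for the issuer (failing closed)"
        return False, exc.verify_message
```

With the CRL flag set, a handshake fails when no CRL for the issuer has been loaded, so the CRL has to be distributed and refreshed together with the trust store.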

Related Vulnerabilities

 * Failure to follow chain of trust in certificate validation
 * Failure to validate host-specific certificate data
 * Key exchange without entity authentication

Related Controls

 * Design: Ensure that certificates are checked for revoked status.
