java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.qhelp
13 additions & 7 deletions
Original file line number
Diff line number
Diff line change
@@ -6,14 +6,20 @@
6
6
<p>
7
7
If the <code>checkServerTrusted</code> method of a <code>TrustManager</code> never throws a <code>CertificateException</code> it trusts every certificate.
8
8
This allows an attacker to perform a machine-in-the-middle attack against the application therefore breaking any security Transport Layer Security (TLS) gives.
9
+
</p>
10
+
11
+
<p>
12
+
An attack might look like this:
13
+
</p>
9
14
10
-
An attack would look like this:
11
-
1. The program connects to <code>https://example.com</code>.
12
-
2. The attacker intercepts this connection and presents a valid, self-signed certificate for <code>https://example.com</code>.
13
-
3. Java calls the <code>checkServerTrusted</code> method to check whether it should trust the certificate.
14
-
4. The <code>checkServerTrusted</code> method of your <code>TrustManager</code> does not throw a <code>CertificateException</code>.
15
-
5. Java proceeds with the connection since your <code>TrustManager</code> implicitly trusted it by not throwing an exception.
16
-
6. The attacker can now read the data your program sends to <code>https://example.com</code> and/or alter its replies while the program thinks the connection is secure.
15
+
<ol>
16
+
<li>The vulnerable program connects to <code>https://example.com</code>.
17
+
<li>The attacker intercepts this connection and presents a valid, self-signed certificate for <code>https://example.com</code>.
18
+
<li>The vulnerable program calls the <code>checkServerTrusted</code> method to check whether it should trust the certificate.
19
+
<li>The <code>checkServerTrusted</code> method of your <code>TrustManager</code> does not throw a <code>CertificateException</code>.
20
+
<li>The vulnerable program accepts the certificate and proceeds with the connection since your <code>TrustManager</code> implicitly trusted it by not throwing an exception.
21
+
<li>The attacker can now read the data your program sends to <code>https://example.com</code> and/or alter its replies while the program thinks the connection is secure.
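Review bot: the `<li>` elements added on new lines 16–21 appear unclosed in this hunk; qhelp files are parsed as XML, so each item needs a matching `</li>` (for example `<li>The vulnerable program connects to <code>https://example.com</code>.</li>`) or the document will fail to parse. While this paragraph is being reworked, the unchanged sentence on line 8 ("against the application therefore breaking any security Transport Layer Security (TLS) gives") reads awkwardly and "therefore" should be "thereby"; something like "thereby defeating the protection Transport Layer Security (TLS) provides" would be clearer, and the sentence on line 7 wants a comma after `CertificateException` ("never throws a CertificateException, it trusts every certificate").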