CWE-298

Improper Validation of Certificate Expiration

Variant
Draft

Description

A certificate expiration is not validated or is incorrectly validated.

Common Consequences

Scope: Integrity, Other
Impact: Other

Scope: Authentication, Other
Impact: Other

Potential Mitigations

Architecture and Design

Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.

Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.
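The two mitigations above, sketched as an added Python example that is not part of the CWE entry: the validity window is checked before a certificate is pinned and again on every later connection, and each rejection carries a reason that can be shown to the user. `PinStore`, `CertificateRejected` and the sample certificate are hypothetical names and constructed data; chain and host name validation are assumed to have been done already by the TLS library.

```python
import hashlib
import ssl
import time


class CertificateRejected(Exception):
    """Carries a reason the caller can show to the user."""


def check_validity_window(cert, now=None):
    """Raise unless notBefore <= now <= notAfter.

    `cert` is the dict returned by ssl.SSLSocket.getpeercert().
    """
    now = time.time() if now is None else now
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    except (KeyError, TypeError, ValueError) as exc:
        # Fail closed: getpeercert() returns {} for an unvalidated peer,
        # and a missing or unparsable date must never count as "valid".
        raise CertificateRejected(f"validity dates missing or malformed: {exc}")
    if now < not_before:
        raise CertificateRejected(f"not valid until {cert['notBefore']}")
    if now > not_after:
        raise CertificateRejected(f"expired on {cert['notAfter']}")


class PinStore:
    """Hypothetical trust-on-first-use pin store keyed by host name."""

    def __init__(self):
        self.pins = {}

    def verify(self, host, der_bytes, cert, now=None):
        # Checked on every connection: before a pin is created, and again
        # when one exists, because a pinned certificate still expires.
        check_validity_window(cert, now)
        fingerprint = hashlib.sha256(der_bytes).hexdigest()
        if self.pins.setdefault(host, fingerprint) != fingerprint:
            raise CertificateRejected(f"certificate for {host} does not match pin")
        return fingerprint


# Constructed sample input in the getpeercert() date format.
SAMPLE_CERT = {"notBefore": "Jan  1 00:00:00 2024 GMT",
               "notAfter": "Jan  1 00:00:00 2025 GMT"}
SAMPLE_DER = b"constructed-der-bytes"
```

Passing `now` explicitly makes the expiry path testable without changing the system clock.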

Observed Examples

CVE-2025-4384

product does not verify that a certificate has expired

CVE-2007-3564

web library product does not verify that a certificate has expired

CVE-2007-6746

IRC product does not check the expiration date of the X.509 certificate

CVE-2007-6746

library for SSL and TLS does not check the activation or expiration dates of CA certificates

Applicable Platforms

Not Language-Specific
