Invalid certificate chain encountered during redirection

OWASP 2013-A5 OWASP 2017-A6 CWE-297 WSTG-CLNT-04

There are two types of certificate authorities (CAs):

  • Root
  • Intermediate

Certificates are issued by a certificate authority. If the certificate presented was not issued by a trusted CA, the connecting device (usually a web browser) checks which authority issued the CA's own certificate, and keeps walking upwards until it reaches a CA it trusts. If no trusted CA is found, the connecting device shows an error. The sequence from the root CA down to the end-user certificate is called a chain. When the chain cannot be linked to a trusted root, it is known as an invalid certificate chain. This also affects redirection to HTTPS: a redirect to an HTTPS address whose chain does not validate fails in the same way.
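The walk described above, as an added example that is not part of the original article: the script follows a redirect chain hop by hop with strict certificate verification enabled, and turns the OpenSSL verify result code of any failure into a chain-specific reason. The verify-code mapping and the function names are the example's own assumptions; the numeric codes are the standard OpenSSL X509 verify result values.

```python
import http.client
import ssl
from urllib.parse import urlparse

# OpenSSL X509 verify result codes that point at a broken chain
# (values from openssl/x509_vfy.h; the wording is this example's own).
CHAIN_ERRORS = {
    2: "issuer certificate not found (intermediate missing)",
    18: "leaf certificate is self-signed",
    19: "self-signed certificate in chain (untrusted root)",
    20: "issuer certificate not in the local trust store",
    21: "unable to verify the leaf certificate signature",
}

def classify_verify_error(exc):
    """Map an ssl.SSLCertVerificationError (or any object carrying a
    verify_code attribute) to a short, human-readable reason."""
    code = getattr(exc, "verify_code", None)
    if code in CHAIN_ERRORS:
        return "invalid chain: " + CHAIN_ERRORS[code]
    if code == 10:
        return "certificate expired"
    if code == 62:
        return "hostname mismatch"
    return "verification failed: " + str(getattr(exc, "verify_message", exc))

def check_hop(url, timeout=5):
    """Fetch one URL with full chain + hostname verification.
    Returns (status, Location header, error reason or None)."""
    u = urlparse(url)
    host, port = u.hostname, u.port or (443 if u.scheme == "https" else 80)
    if u.scheme == "https":
        ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
        conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), None
    except ssl.SSLCertVerificationError as e:
        return None, None, classify_verify_error(e)
    finally:
        conn.close()

def follow_redirects(url, max_hops=5):
    """Follow HTTP->HTTPS redirects; stop at the first hop whose chain fails."""
    hops = []
    for _ in range(max_hops):
        status, location, err = check_hop(url)
        hops.append((url, status, err))
        if err or status not in (301, 302, 303, 307, 308) or not location:
            break
        url = location if "://" in location else urlparse(url)._replace(path=location).geturl()
    return hops

if __name__ == "__main__":
    for hop in follow_redirects("http://example.com/"):  # constructed sample target
        print(hop)
```

Each tuple printed is (URL, HTTP status, chain error); a redirect whose HTTPS target reports an "invalid chain" reason is the condition this article describes.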

Impact

Using this vulnerability, an attacker can:

  • redirect the user to a malicious site to steal information or data.
  • show the user false data, which in turn damages the credibility of the website.

Mitigation / Precaution

Beagle recommends the following:

  • Set up a proper SSL/TLS certificate issued by a trusted CA, and configure the server to send the complete chain (leaf plus intermediates) on the redirect target as well as the original host.