CME-404

Certificate Pinning

ID: CME-404
Tactic: Harden
Layer: Application
CWEs: 1
CVSS Mods: 1

Harden Application Medium Confidence

Description

Application pins expected TLS certificate fingerprints or public keys, preventing MitM attacks using rogue or compromised certificate authorities.

Metric	Transition	Rationale
Attack Complexity (AC)	L → H	MitM requires compromising the specific pinned certificate, not just any CA

CWE-295

Application-specific: check for pin configuration in app config or HTTP headers