Base · Draft

CWE-603: Use of Client-Side Authentication

Category: auth

Description

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check. Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism, Gain Privileges or Assume Identity

Potential mitigations · 1

  • [Architecture and Design] Do not rely on client-side data. Always perform server-side authentication.
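The weakness and its mitigation side by side, as an added example that is not part of this CWE entry or of MITRE's material: a small Python client/server simulation (the user name, password, salt and iteration count are constructed for the demo) in which the vulnerable server trusts an `authenticated` verdict computed in client code, while the fixed server re-derives the verdict from the submitted credentials itself.

```python
import hashlib
import hmac

# Constructed example credential store. A real server keeps a random per-user
# salt and a higher work factor; the fixed values here just keep the demo short.
_SALT = b"constructed-demo-salt"
_ITERATIONS = 50_000
_USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, _ITERATIONS)}


def server_verify(username: str, password: str) -> bool:
    """Credential check performed by the server. This is the only check that counts."""
    stored = _USERS.get(username)
    if stored is None:
        return False
    supplied = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)
    return hmac.compare_digest(stored, supplied)


def client_side_check(password: str) -> bool:
    """Authentication logic living in client code (the CWE-603 pattern).
    Whoever holds the client can read the expected value or skip this call."""
    return password == "correct horse"


def build_request(username: str, password: str) -> dict:
    """What an unmodified client sends: the credentials plus its own verdict."""
    return {"username": username, "password": password,
            "authenticated": client_side_check(password)}


def vulnerable_server(request: dict) -> str:
    """Server trusts the client's verdict instead of re-checking the credentials."""
    return "SECRET-DATA" if request.get("authenticated") else "DENIED"


def fixed_server(request: dict) -> str:
    """Mitigation from the entry: ignore client-side data, authenticate server-side."""
    user = request.get("username", "")
    pwd = request.get("password", "")
    return "SECRET-DATA" if server_verify(user, pwd) else "DENIED"


def demo() -> dict:
    """Run both servers on an honest request and on one whose client-side verdict
    was altered (the modified client the description refers to)."""
    honest = build_request("alice", "correct horse")
    tampered = build_request("alice", "wrong")
    tampered["authenticated"] = True  # client omits or overrides its own check
    return {
        "vulnerable_honest": vulnerable_server(honest),
        "vulnerable_tampered": vulnerable_server(tampered),
        "fixed_honest": fixed_server(honest),
        "fixed_tampered": fixed_server(tampered),
    }
```

Only the fixed server's result changes between the honest and the altered request, which is the observable difference the mitigation is meant to produce.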

References

  1. https://cwe.mitre.org/data/definitions/603.html

Incoming · 4

Type           Target           Confidence   Tier
Vulnerability  CVE-2025-12868   0%           live
Vulnerability  CVE-2025-61940   0%           live
Vulnerability  CVE-2025-62650   0%           live
Vulnerability  CVE-2026-1363    0%           live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Client-Side Enforcement of Server-Side Security
  • CWE: Use of Password Hash Instead of Password for Authentication
  • CWE: Weak Authentication
  • CWE: Reliance on Cookies without Validation and Integrity Checking in a Security Decision
  • CWE: Insufficiently Protected Credentials
  • CWE: Use of Single-factor Authentication

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.