CWE · MITRE source
CWE-603: Use of Client-Side Authentication
A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | | | |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2022-3218 | 7.0 | 9.8 | 0.8462 | 2022-09-19 |
| CVE-2017-7909 | 2.1 | 9.8 | 0.0160 | 2017-05-06 |
| CVE-2022-33139 | 2.0 | 9.8 | 0.0041 | 2022-06-21 |
| CVE-2024-39375 | 2.0 | 9.8 | 0.0003 | 2024-06-27 |
| CVE-2025-12868 | 2.0 | 9.8 | 0.0028 | 2025-11-10 |
| CVE-2026-1363 | 2.0 | 9.8 | 0.0005 | 2026-01-23 |
| CVE-2020-7591 | 1.8 | 8.8 | 0.0027 | 2020-10-15 |
| CVE-2025-62650 | 1.7 | 8.3 | 0.0009 | 2025-10-17 |
| CVE-2025-61940 | 1.7 | 8.3 | 0.0007 | 2025-12-02 |
| CVE-2025-30042 | 1.6 | 7.8 | 0.0002 | 2026-03-02 |
| CVE-2020-6988 | 1.5 | 7.5 | 0.0018 | 2020-03-16 |
| CVE-2021-43355 | 1.5 | 7.3 | 0.0022 | 2022-01-21 |
| CVE-2024-28627 | 1.5 | 7.5 | 0.0009 | 2024-04-23 |
| CVE-2024-45785 | 1.5 | 7.5 | 0.0027 | 2024-10-25 |
| CVE-2025-24517 | 1.5 | 7.5 | 0.0040 | 2025-03-31 |
| CVE-2020-27266 | 1.3 | 6.5 | 0.0007 | 2021-01-19 |
| CVE-2024-52327 | 1.3 | 6.5 | 0.0011 | 2025-01-23 |
| CVE-2025-62649 | 1.2 | 5.8 | 0.0017 | 2025-10-17 |
| CVE-2025-64119 | 0.0 | 0.0 | 0.0012 | 2026-01-02 |
| CVE-2026-40551 | 0.0 | 0.0 | 0.0002 | 2026-04-28 |