Cyber Resilience


CWE-603: Use of Client-Side Authentication

Abstraction: Base · CVEs in our corpus: 22

A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.

Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.
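
The weakness described above, as an added example that is not part of the CWE entry or of any product listed on this page: a server handler that trusts a flag computed by the client, beside a form that verifies credentials and session tokens on the server. The account store, handler names and request fields are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Constructed sample account store; a real server would keep this in a database.
_SALT = os.urandom(16)


def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, _kdf("correct horse", _SALT))}
SESSIONS = {}  # token -> username, held only on the server


def handle_vulnerable(request: dict) -> str:
    """CWE-603: the server trusts a result that client code computed."""
    if request.get("authenticated"):  # set by the client, so a modified client can set it freely
        return "200 secret data"
    return "401 unauthorized"


def login(username: str, password: str):
    """Server-side check: the password is verified here, never in the client."""
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    candidate = _kdf(password, salt)  # computed even for unknown users
    if not stored or not hmac.compare_digest(candidate, stored):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


def handle_hardened(request: dict) -> str:
    """Authorises only on a token this server issued and still remembers."""
    token = request.get("session_token")
    if not isinstance(token, str) or token not in SESSIONS:
        return "401 unauthorized"  # any client-side "authenticated" flag is ignored
    return "200 secret data"
```
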

Last updated: 04 July 2026 00:28 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: full · 6 mapping(s) from 3 framework(s): ASVS 5.0 4 (mostly) · OWASP-Web 1 (full) · ATT&CK 1 (mostly)


NIST 800-53 r5 controls that address this weakness (0)

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE                 Risk  CVSS  EPSS    Published
CVE-2022-3218       8.0   9.8   0.7348  2022-09-19
CVE-2017-7909       7.0   9.8   0.0262  2017-05-06
CVE-2022-33139      7.0   9.8   0.0117  2022-06-21
CVE-2024-39375      7.0   9.8   0.0057  2024-06-27
CVE-2025-12868      7.0   9.8   0.0048  2025-11-10
CVE-2026-1363       7.0   9.8   0.0054  2026-01-23
CVE-2020-6988 UPD   5.5   7.5   0.0389  2020-03-16
CVE-2020-7591       5.5   8.8   0.0146  2020-10-15
CVE-2021-43355      5.5   7.3   0.0098  2022-01-21
CVE-2024-28627      5.5   7.5   0.0043  2024-04-23
CVE-2024-45785      5.5   7.5   0.0043  2024-10-25
CVE-2025-24517      5.5   7.5   0.0079  2025-03-31
CVE-2025-62650      5.5   8.3   0.0048  2025-10-17
CVE-2025-61940      5.5   8.3   0.0029  2025-12-02
CVE-2025-30042      5.5   7.8   0.0009  2026-03-02
CVE-2020-27266      3.5   6.5   0.0058  2021-01-19
CVE-2024-52327      3.5   6.5   0.0046  2025-01-23
CVE-2025-62649      3.5   5.8   0.0049  2025-10-17
CVE-2026-8830 UPD   3.5   4.3   0.0039  2026-05-19