Description
A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check.
Extended Description
Client-side authentication is extremely weak and may be breached easily. Any attacker may read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.
CVE vulnerabilities with CWE-603 (22)
9.8
CVSS
CRITICAL
CVE-2022-3218
pub. 2022-09-19
9.8
CVSS
CRITICAL
CVE-2022-33139
pub. 2022-06-21
9.8
CVSS
CRITICAL
CVE-2017-7909
pub. 2017-05-06
9.3
CVSS
CRITICAL
CVE-2026-1363
pub. 2026-01-23
9.3
CVSS
CRITICAL
CVE-2025-64119
pub. 2026-01-02
9.3
CVSS
CRITICAL
CVE-2025-12868
pub. 2025-11-10
9.3
CVSS
CRITICAL
CVE-2024-39375
pub. 2024-06-27
9.0
CVSS
CRITICAL
CVE-2025-30042
pub. 2026-03-02
8.8
CVSS
HIGH
CVE-2020-7591
pub. 2020-10-15
8.7
CVSS
HIGH
CVE-2026-42098
pub. 2026-05-19
8.7
CVSS
HIGH
CVE-2025-61940
pub. 2025-12-02
8.4
CVSS
HIGH
CVE-2026-40551
pub. 2026-04-28
8.3
CVSS
HIGH
CVE-2025-62650
pub. 2025-10-17
7.5
CVSS
HIGH
CVE-2025-24517
pub. 2025-03-31
7.5
CVSS
HIGH
CVE-2024-45785
pub. 2024-10-25
7.5
CVSS
HIGH
CVE-2024-28627
pub. 2024-04-23
7.5
CVSS
HIGH
CVE-2020-6988
pub. 2020-03-16
7.3
CVSS
HIGH
CVE-2021-43355
pub. 2022-01-21
6.5
CVSS
MEDIUM
CVE-2020-27266
pub. 2021-01-19
6.0
CVSS
MEDIUM
CVE-2024-52327
pub. 2025-01-23
Showing 20 of 22 vulnerabilities