CWE-602—Client-Side Enforcement of Server-Side Security
PUBLISHEDweakness recordMedium
released 2007-05-07 · last modified 2025-12-11
Metadata
名称
Client-Side Enforcement of Server-Side Security
描述
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms, resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.