CWE-602
Client-Side Enforcement of Server-Side Security
The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.
Status
draft
Abstraction
class
Likelihood
medium
Affected Platforms
ICS/OT
Mobile
Extended Description
When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms, resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.
Technical Details
Common Consequences
access control
availability
Impacts
bypass protection mechanism
dos: crash, exit, or restart
gain privileges or assume identity
Detection Methods
fuzzing
manual analysis
Potential Mitigations
Phases:
architecture and design
Descriptions:
• If some degree of trust is required between the two entities, then use integrity checking and strong authentication to ensure that the inputs are coming from a trusted source. Design the product so that this trust is managed in a centralized fashion, especially if there are complex or numerous communication channels, in order to reduce the risks that the implementer will mistakenly omit a check in a single code path.
• For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Even though client-side checks provide minimal benefits with respect to server-side security, they are still useful. First, they can support intrusion detection. If the server receives input that should have been rejected by the client, then it may be an indication of an attack. Second, client-side error-checking can provide helpful feedback to the user about the expectations for valid input. Third, there may be a reduction in server-side processing time for accidental input errors, although this is typically a small savings.
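The mitigation above, as an added example that is not part of the CWE entry: a server-side order handler that first trusts the client's checks and client-computed total (the CWE-602 pattern), beside the hardened form that duplicates every client check on the server, recomputes the total from server-owned data, and records a detection signal when input the client UI could never have produced arrives. The catalog, quantity limit and requests are constructed sample data.

```python
# Added example (not from the CWE text): client-trusting vs. server-enforced
# checkout. Catalog, limits and requests below are constructed sample data.
from dataclasses import dataclass, field

CATALOG = {"sku-100": 2500, "sku-200": 999}   # price in cents, owned by the server
MAX_QTY = 10                                    # the client UI also enforces 1..10


@dataclass
class Result:
    accepted: bool
    total_cents: int = 0
    alerts: list = field(default_factory=list)   # detection signals for the SOC


def checkout_trusting_client(order: dict) -> Result:
    """Vulnerable: relies on the client having checked the quantity and on the
    client-computed total. A modified client can submit any quantity or total."""
    return Result(accepted=True, total_cents=order["client_total"])


def checkout_server_enforced(order: dict) -> Result:
    """Hardened: every client-side check is duplicated here, and the total is
    recomputed from the server-owned catalog, never read from the client."""
    alerts = []
    sku, qty = order.get("sku"), order.get("qty")
    if sku not in CATALOG:
        alerts.append(f"unknown sku {sku!r}")
    if not isinstance(qty, int) or not 1 <= qty <= MAX_QTY:
        # The client UI cannot produce this value, so its arrival is a
        # tamper indicator worth logging, not just a validation error.
        alerts.append(f"qty {qty!r} outside client-enforced range 1..{MAX_QTY}")
    if alerts:
        return Result(accepted=False, alerts=alerts)
    total = CATALOG[sku] * qty
    if order.get("client_total") != total:
        # Informational only: the client's figure is never used for billing.
        alerts.append(f"client_total {order.get('client_total')!r} != server total {total}")
    return Result(accepted=True, total_cents=total, alerts=alerts)


if __name__ == "__main__":
    # Constructed request from a modified client: quantity beyond the UI
    # limit and a self-reported total of one cent.
    tampered = {"sku": "sku-100", "qty": 500, "client_total": 1}
    print(checkout_trusting_client(tampered))   # accepted, billed 1 cent
    print(checkout_server_enforced(tampered))   # rejected, alert recorded
```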