
CWE-603 Use of Client-Side Authentication: Vulnerability List (19)

Summary of the 19 CVE entries associated with the CWE-603 (Use of Client-Side Authentication) weakness class, with AI-generated Chinese analysis.

CWE-603 describes client-side authentication: the application performs identity checks only in client code, and the server performs no corresponding check. An attacker can bypass the mechanism by modifying the client code or reverse-engineering it, and then access protected resources directly. Because client code can be freely read and analysed, such protection is extremely weak. Developers should never base security decisions on the client; strict authentication logic must live on the server so that every request is validated server-side.

MITRE CWE official description
CWE: CWE-603 Use of Client-Side Authentication. Description: A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that omits the authentication check. Client-side authentication is extremely weak and may be breached easily. Any attacker can read the source code and reverse-engineer the authentication mechanism to access parts of the application which would otherwise be protected.
Common Consequences (1)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Mitigations (1)
Architecture and Design: Do not rely on client-side data. Always perform server-side authentication.
Code Examples (1)
In 2022, the OT:ICEFALL study examined products by 10 different Operational Technology (OT) vendors. The researchers reported 56 vulnerabilities and said that the products were "insecure by design" [REF-1283]. If exploited, these vulnerabilities often allowed adversaries to change how the products operated, ranging from denial of service to changing the code that the products executed. Since these…
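To make the mitigation above concrete, here is an added example (not code from the MITRE entry or from any product listed on this page) that places the CWE-603 pattern beside its server-side fix. The vulnerable handler grants access on the strength of an `X-Authenticated` header that the client sets for itself after its own login form "succeeded"; the fixed handler only accepts a session token the server minted after checking the password server-side. The `Request` class, header names, credential store and secret are all constructed for illustration.

```python
"""CWE-603: client-side vs server-side authentication (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed demo secret; real deployments load this from a secret store.
SERVER_SECRET = b"constructed-demo-secret-not-for-production"

# Constructed credential store (user -> (salt, sha256(salt + password))).
# A real system would use a password hash such as argon2 or bcrypt.
_USERS = {
    "alice": ("demo-salt", hashlib.sha256(b"demo-salt" + b"correct horse").hexdigest()),
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: path plus headers."""
    path: str
    headers: dict = field(default_factory=dict)


def vulnerable_handler(req: Request) -> Tuple[int, str]:
    """CWE-603 pattern: the server trusts a flag the client sets after the
    client's own login form validated the password. Anyone can send it."""
    if req.headers.get("X-Authenticated") == "true":
        return 200, "protected data"
    return 401, "login required"


def issue_session_token(user: str) -> str:
    """Mint a token tagged with a server-only HMAC; only the server can forge it."""
    nonce = secrets.token_hex(8)
    payload = f"{user}:{nonce}"
    tag = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def verify_session_token(token: str) -> Optional[str]:
    """Return the user name if the token carries a valid server HMAC, else None."""
    try:
        user, nonce, tag = token.split(":")
    except ValueError:
        return None
    expected = hmac.new(SERVER_SECRET, f"{user}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    return user if hmac.compare_digest(expected, tag) else None


def login(user: str, password: str) -> Optional[str]:
    """Server-side credential check; returns a session token or None."""
    record = _USERS.get(user)
    if record is None:
        return None
    salt, digest = record
    candidate = hashlib.sha256(salt.encode() + password.encode()).hexdigest()
    if not hmac.compare_digest(candidate, digest):
        return None
    return issue_session_token(user)


def fixed_handler(req: Request) -> Tuple[int, str]:
    """Server-side check: the client can only present a token the server issued."""
    token = req.headers.get("Authorization") or ""
    user = verify_session_token(token)
    if user is None:
        return 401, "login required"
    return 200, f"protected data for {user}"


# Constructed requests: a forged client flag, a tampered token, a genuine login.
forged = Request("/admin", {"X-Authenticated": "true"})
tampered = Request("/admin", {"Authorization": "alice:0000:deadbeef"})
genuine = Request("/admin", {"Authorization": login("alice", "correct horse")})

if __name__ == "__main__":
    print("vulnerable, forged flag:", vulnerable_handler(forged))   # 200
    print("fixed, forged flag:     ", fixed_handler(forged))        # 401
    print("fixed, tampered token:  ", fixed_handler(tampered))      # 401
    print("fixed, genuine token:   ", fixed_handler(genuine))       # 200
```

The detection angle follows from the same split: a server that returns 200 for a request carrying nothing but a client-settable flag is exhibiting CWE-603, whereas the fixed handler's decision depends only on state (the HMAC key, the credential store) that the client never sees.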
| CVE ID | Title | CVSS | Risk Level | Published |
|---|---|---|---|---|
| CVE-2026-40551 | BinSoft mpGabinet Security Vulnerability — mpGabinet | 7.8 (AI) | High (AI) | 2026-04-28 |
| CVE-2025-30042 | CGM CLININET Security Vulnerability — CGM CLININET | 6.6 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-1363 | JNC IAQS and JNC I6 Security Vulnerability — IAQS | 9.8 | Critical | 2026-01-23 |
| CVE-2025-64119 | Nuvation Energy Battery Management System Security Vulnerability — Battery Management System | 9.8 | - | 2026-01-02 |
| CVE-2025-61940 | Mirion Medical EC2 Software NMIS BioDose Security Vulnerability — EC2 Software NMIS BioDose | 8.3 | High | 2025-12-02 |
| CVE-2025-12868 | CyberTutor New Site Server Security Vulnerability — New Site Server | 9.8 | Critical | 2025-11-10 |
| CVE-2025-62650 | Restaurant Brands International assistant platform Security Vulnerability — assistant platform | 8.3 | High | 2025-10-17 |
| CVE-2025-62649 | Restaurant Brands International assistant platform Security Vulnerability — assistant platform | 5.8 | Medium | 2025-10-17 |
| CVE-2025-24517 | Inaba Denki Sangyo CHOCO TEI WATCHER mini Security Vulnerability — CHOCO TEI WATCHER mini (IB-MCT001) | 7.5 | High | 2025-03-31 |
| CVE-2024-52327 | ECOVACS robot lawnmowers and vacuums Security Vulnerability — ECOVACS HOME | 6.5 | Medium | 2025-01-23 |
| CVE-2024-45785 | NEUMANN MUSASI Security Vulnerability — MUSASI | 7.5 | - | 2024-10-25 |
| CVE-2024-39375 | TELSAT marKoni FM Transmitters Security Vulnerability — Markoni-D (Compact) FM Transmitters | 9.8 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2022-3218 | Necta WiFi Mouse Authorization Issue Vulnerability — WiFi Mouse (Mouse Server) | 9.8 | - | 2022-09-19 |
| CVE-2022-33139 | Siemens SIMATIC WinCC OA Authorization Issue Vulnerability — Cerberus DMS | 9.8 | - | 2022-06-21 |
| CVE-2021-43355 | Fresenius Kabi Agilia Connect Infusion System Authorization Issue Vulnerability — Vigilant Software Suite (Mastermed Dashboard) | 7.3 | High | 2022-01-21 |
| CVE-2020-27266 | Multiple Sooil products Authorization Issue Vulnerability — SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A | 8.1 | - | 2021-01-19 |
| CVE-2020-7591 | Siemens DESIGO INSIGHT Security Vulnerability — SIPORT MP | 8.8 | - | 2020-10-15 |
| CVE-2020-6988 | Multiple Rockwell Automation products Authorization Issue Vulnerability — Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior | 9.1 | - | 2020-03-16 |
| CVE-2017-7909 | Advantech B+B SmartWorx MESR901 Firmware Security Vulnerability — Advantech B+B SmartWorx MESR901 | 9.1 | - | 2017-05-06 |

Values marked (AI) were assigned by the site's AI analysis; "-" means no risk level is given.

CWE-603 (Use of Client-Side Authentication) is a common weakness class; this platform has collected 19 CVE entries associated with it.