CWE-602 – Client-Side Enforcement of Server-Side Security

Read Time:2 Minute, 9 Second

Description

The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

When the server relies on protection mechanisms placed on the client side, an attacker can modify the client-side behavior to bypass the protection mechanisms resulting in potentially unexpected interactions between the client and server. The consequences will vary, depending on what the mechanisms are trying to protect.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-669
CWE-693
CWE-471
CWE-290
CWE-300

 

Consequences

Access Control, Availability: Bypass Protection Mechanism, DoS: Crash, Exit, or Restart

Client-side validation checks can be easily bypassed, allowing malformed or unexpected input to pass into the application, potentially as trusted data. This may lead to unexpected states, behaviors and possibly a resulting crash.

Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Client-side checks for authentication can be easily bypassed, allowing clients to escalate their access levels and perform unintended actions.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Phase: Architecture and Design

Description: 

If some degree of trust is required between the two entities, then use integrity checking and strong authentication to ensure that the inputs are coming from a trusted source. Design the product so that this trust is managed in a centralized fashion, especially if there are complex or numerous communication channels, in order to reduce the risks that the implementer will mistakenly omit a check in a single code path.

Phase: Testing

Description: 

Use dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software’s operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Phase: Testing

Description: 

Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.

CVE References

  • CVE-2006-6994
    • ASP program allows upload of .asp files by bypassing client-side checks.
  • CVE-2007-0163
    • steganography products embed password information in the carrier file, which can be extracted from a modified client.
  • CVE-2007-0164
    • steganography products embed password information in the carrier file, which can be extracted from a modified client.
  • CVE-2007-0100
    • client allows server to modify client’s configuration and overwrite arbitrary files.