Authentication / Use of Client-Side Authentication
Use of Client-Side Authentication is a vulnerability that occurs when authentication is based solely on client-side technologies. It is vulnerable to malicious users, who can manipulate the authentication process by tampering with the client-side code (CWE-311). This type of authentication can be found in web and API applications and is generally considered to be a weak form of authentication (OWASP Testing Guide).
The primary risk associated with Use of Client-Side Authentication is that a malicious user can gain access to sensitive data and resources, as authentication can be bypassed or compromised by manipulating the client-side code. This type of vulnerability can also lead to other security issues, such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
The best way to mitigate the Use of Client-Side Authentication vulnerability is to ensure that the authentication process is balanced between the client-side code and the server-side code. This can be done by using a two-factor authentication process and by using cryptographic techniques, such as hashing and salting, to secure the authentication data.
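The following added example (constructed for illustration, not code from the original page) contrasts a handler that trusts a login decision made in client-side code with one where the server checks the salted password hash and issues its own session token. All names, the `x-session-token` header and the sample user are assumptions.

```javascript
// Added example: constructed handlers and data, not taken from the page.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Constructed user store: the server keeps a per-user salt and salted hash only.
function makeRecord(password) {
  const salt = randomBytes(16);
  return { salt, hash: scryptSync(password, salt, 32) };
}
const USERS = new Map([['alice', makeRecord('correct horse battery staple')]]);
const SESSIONS = new Map(); // session token -> username, held server-side

// VULNERABLE: client-side script decided whether login succeeded, and the
// server believes the flag it sends. Anyone who edits the client sets it.
function vulnerableGetProfile(request) {
  if (request.body.authenticated === true) {
    return { status: 200, body: `profile of ${request.body.user}` };
  }
  return { status: 401, body: 'login required' };
}

// HARDENED: the password is verified on the server against the salted hash.
function login(user, password) {
  const record = USERS.get(user);
  // Hash for unknown users too, so both paths do similar work.
  const salt = record ? record.salt : Buffer.alloc(16);
  const candidate = scryptSync(String(password), salt, 32);
  if (!record || !timingSafeEqual(candidate, record.hash)) return null;
  const token = randomBytes(32).toString('hex'); // unguessable session token
  SESSIONS.set(token, user);
  return token;
}

// HARDENED: access depends only on a token the server itself issued;
// anything the client claims in the body is ignored.
function hardenedGetProfile(request) {
  const user = SESSIONS.get((request.headers || {})['x-session-token']);
  if (!user) return { status: 401, body: 'login required' };
  return { status: 200, body: `profile of ${user}` };
}
```

A request carrying only `authenticated: true` is accepted by the first handler and rejected by the second, which is the behaviour to check for when reviewing an endpoint.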