Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CVEs (217)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-44555 1Huawei 2Emui Harmonyos May 1, 2025 Nov 9, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 The DDMP/ODMF module has a service hijacking vulnerability. Successful exploit of this vulnerability may cause services to be unavailable.
CVE-2022-44457 1Mendix 1Saml May 1, 2025 Nov 8, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions <...Show more A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.Show less
CVE-2020-35473 1Bluetooth 1Bluetooth Core Specification May 1, 2025 Nov 8, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2,...Show more An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses. RPAs that have been associated with a specific remote device may also be used to identify a peer in the same manner by using its reaction to an active scan request. This has also been called an allowlist-based side channel.Show less
CVE-2022-29475 1Goabode 1Iota All In One Security Kit Firmware Nov 21, 2024 Oct 25, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges...Show more An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.Show less
CVE-2022-41541 1Tp Link 1Ax10 Firmware May 15, 2025 Oct 18, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application a...Show more TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. Attackers are able to login to the web application as an admin user.Show less
CVE-2022-2780 1Octopus 1Octopus Server May 15, 2025 Oct 14, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.
CVE-2022-42731 1Django Mfa2 Project 1Django Mfa2 May 20, 2025 Oct 11, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.
CVE-2021-46835 1Huawei 1Ws7200 10 Firmware May 28, 2025 Sep 20, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 There is a traffic hijacking vulnerability in WS7200-10 11.0.2.13. Successful exploitation of this vulnerability can cause packets to be hijacked by attackers.
CVE-2022-40621 1Wavlink 1Wn531g3 Firmware Nov 21, 2024 Sep 13, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is poss...Show more Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.Show less
CVE-2022-37011 1Mendix 1Saml Nov 21, 2024 Sep 13, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V...Show more A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.Show less
CVE-2022-36089 1Kubevela 1Kubevela Nov 21, 2024 Sep 7, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the...Show more KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. In KubeVela prior to versions 1.4.11 and 1.5.4, VelaUX APIServer uses the `PlatformID` as the signed key to generate the JWT tokens for users. Another API called `getSystemInfo` exposes the platformID. This vulnerability allows users to use the platformID to re-generate the JWT tokens to bypass the authentication. Versions 1.4.11 and 1.5.4 contain a patch for this issue.Show less
CVE-2022-37418 3Hyundai KiaNissan 3Hyundai Firmware Kia FirmwareNissan Firmware Apr 6, 2026 Aug 24, 2022 N/A· v4 6.4 MEDIUM· v3 N/A· v2 The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive v...Show more The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.Show less
CVE-2022-37305 1Honda 1Honda Firmware Nov 21, 2024 Aug 24, 2022 N/A· v4 6.4 MEDIUM· v3 N/A· v2 The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals o...Show more The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.Show less
CVE-2022-36945 1Mazda 1Mazda Firmware Nov 21, 2024 Aug 24, 2022 N/A· v4 6.4 MEDIUM· v3 N/A· v2 The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob sign...Show more The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.Show less
CVE-2021-22640 1Ovarro 8Tbox Lt2 530 Firmware Tbox Lt2 532 FirmwareTbox Lt2 540 Firmware+5 more Apr 17, 2025 Jul 28, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks.
CVE-2022-31158 1Packback 1Lti 1.3 Tool Library Nov 21, 2024 Jul 15, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Requ...Show more LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are currently no known workarounds.Show less
CVE-2022-29593 1Dingtian Tech 1Dt R004 Firmware May 5, 2025 Jul 14, 2022 N/A· v4 5.9 MEDIUM· v3 N/A· v2 relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.
CVE-2022-33971 1Omron 52Nj Pa3001 Firmware Nj Pd3001 FirmwareNj101 1000 Firmware+49 more Jun 2, 2026 Jul 4, 2022 N/A· v4 7.5 HIGH· v3 5.4 MEDIUM· v2 Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine au...Show more Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.Show less
CVE-2022-33208 1Omron 57Na5 12w Firmware Na5 15w FirmwareNa5 7w Firmware+54 more Nov 21, 2024 Jul 4, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automa...Show more Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.Show less
CVE-2022-30467 1Joyebike 1Wolf 2022 Firmware Nov 21, 2024 Jun 29, 2022 N/A· v4 6.8 MEDIUM· v3 4.3 MEDIUM· v2 Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.

Previous 1...678...11 Next