Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CVEs (217)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-31277 1Mi 1Xiaomi Lamp 1 Firmware Nov 21, 2024 Jun 16, 2022 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST reque...Show more Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request.Show less
CVE-2022-30466 1Joybike 1Wolf Firmware Nov 21, 2024 Jun 7, 2022 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.
CVE-2022-31265 1Wargaming 1World Of Warships Nov 21, 2024 May 26, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source.
CVE-2022-29334 1H Project 1H Nov 21, 2024 May 24, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.
CVE-2022-29878 1Siemens 367kg8500 0aa00 0aa0 Firmware 7kg8500 0aa00 2aa0 Firmware7kg8500 0aa10 0aa0 Firmware+33 more Dec 9, 2025 May 20, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker...Show more A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device.Show less
CVE-2020-27374 1Drtrustusa 1Icheck Connect Bp Monitor Bp Testing 118 Firmware Nov 21, 2024 Apr 7, 2022 N/A· v4 7.5 HIGH· v3 7.9 HIGH· v2 Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.
CVE-2022-25159 1Mitsubishielectric 16Fx5uc 32mr/ds Ts Firmware Fx5uc 32mt/d FirmwareFx5uc 32mt/ds Ts Firmware+13 more Nov 21, 2024 Apr 1, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R ser...Show more Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack.Show less
CVE-2022-22936 1Saltstack 1Salt May 5, 2025 Mar 29, 2022 N/A· v4 8.8 HIGH· v3 5.4 MEDIUM· v2 An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causin...Show more An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A sufficient craft attacker could gain root access on minion under certain scenarios.Show less
CVE-2022-27254 1Honda 1Civic 2018 Firmware Nov 21, 2024 Mar 23, 2022 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door-open request, which allows for a replay attack, a related issue to CVE-2019-20626.
CVE-2021-38296 2Apache Oracle 2Financial Services Crime And Compliance Management Studio Spark Nov 21, 2024 Mar 10, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for...Show more Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or laterShow less
CVE-2022-22806 1Schneider Electric 8Scl Series 1029 Ups Firmware Scl Series 1030 Ups FirmwareScl Series 1036 Ups Firmware+5 more Nov 21, 2024 Mar 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SM...Show more A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)Show less
CVE-2021-39364 1Honeywell 2Hbw2per1 Firmware Hdzp252di Firmware Nov 21, 2024 Feb 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved.
CVE-2022-25838 1Laravel 1Fortify Nov 21, 2024 Feb 24, 2022 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
CVE-2021-46145 1Honda 1Civic 2012 Nov 21, 2024 Jan 6, 2022 N/A· v4 5.3 MEDIUM· v3 2.9 LOW· v2 The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is related to a non-expiring rolling code and counter resynchronization.
CVE-2021-40170 1Securitashome 1Securitashome Alarm System Firmware Nov 21, 2024 Dec 15, 2021 N/A· v4 6.8 MEDIUM· v3 5.8 MEDIUM· v2 An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously reco...Show more An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. This lets an adversary, among other things, disarm an armed system.Show less
CVE-2021-41030 1Fortinet 1Forticlient Enterprise Management Server Nov 21, 2024 Dec 8, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and...Show more An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.Show less
CVE-2021-38459 1Auvesy 1Versiondog Nov 21, 2024 Oct 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/c...Show more The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.Show less
CVE-2021-35067 1Meross 1Msg100 Firmware Nov 21, 2024 Oct 7, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message).
CVE-2021-25480 1Google 1Android Nov 21, 2024 Oct 6, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
CVE-2021-27662 1Johnsoncontrols 1Kantech Kt 1 Door Controller Firmware Nov 21, 2024 Sep 15, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. This issue affects Johnson Controls KT-1 all versions up to and including 3.01

Previous 1...789 10 11 Next