Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CVEs (217)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-26824 1Dm Fingertool Project 1Dm Fingertool Nov 21, 2024 Jul 26, 2021 N/A· v4 7.1 HIGH· v3 5.6 MEDIUM· v2 DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB.
CVE-2020-23178 1Php Fusion 1Php Fusion Nov 21, 2024 Jul 2, 2021 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.
CVE-2021-31958 1Microsoft 8Windows 10 Windows 7Windows 8.1+5 more Nov 21, 2024 Jun 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Windows NTLM Elevation of Privilege Vulnerability
CVE-2020-28713 1Nightowlsp 1Smart Doorbell Firmware Nov 21, 2024 Jun 8, 2021 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record...Show more Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via an exposed PNS server. A remote attacker can passively record push notification events which are sent over an insecure web request. The web service does not authenticate requests, and allows attackers to send an indefinite amount of motion or doorbell events to a user's mobile application by either replaying or deliberately crafting false events.Show less
CVE-2021-27572 1Remotemouse 1Emote Remote Mouse Nov 21, 2024 May 7, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are se...Show more An issue was discovered in Emote Remote Mouse through 4.0.0.0. Authentication Bypass can occur via Packet Replay. Remote unauthenticated users can execute arbitrary code via crafted UDP packets even when passwords are set.Show less
CVE-2021-22267 1Hpe 1Web Viewpoint Nov 21, 2024 Feb 9, 2021 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, an...Show more Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay attack for T0320L01^ABP through T0320L01^ABZ, T0952L01^AAH through T0952L01^AAR, T0986L01 through T0986L01^AAF, T0665L01^AAP, and T0662L01^AAP (L) and T0320H01^ABO through T0320H01^ABY, T0952H01^AAG through T0952H01^AAQ, T0986H01 through T0986H01^AAE, T0665H01^AAO, and T0662H01^AAO (J and H).Show less
CVE-2021-25835 1Chainsafe 1Ethermint Nov 21, 2024 Feb 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a veri...Show more Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.Show less
CVE-2021-25834 1Chainsafe 1Ethermint Nov 21, 2024 Feb 8, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.
CVE-2020-27269 1Sooil 3Anydana A Firmware Anydana I FirmwareDiabecare Rs Firmware Nov 21, 2024 Jan 19, 2021 N/A· v4 5.7 MEDIUM· v3 2.9 LOW· v2 In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unau...Show more In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.Show less
CVE-2020-26172 1Tangro 1Business Workflow Nov 21, 2024 Dec 18, 2020 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.
CVE-2020-35551 1Google 1Android Nov 21, 2024 Dec 18, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be...Show more An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).Show less
CVE-2020-14302 1Redhat 1Keycloak Nov 21, 2024 Dec 15, 2020 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" paramet...Show more A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.Show less
CVE-2020-25660 2Fedoraproject Redhat 4Ceph Ceph StorageFedora+1 more Nov 21, 2024 Nov 23, 2020 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows a...Show more A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus. This flaw allows an attacker with access to the Ceph cluster network to authenticate with the Ceph service via a packet sniffer and perform actions allowed by the Ceph service. This issue is a reintroduction of CVE-2018-1128, affecting the msgr2 protocol. The msgr 2 protocol is used for all communication except older clients that do not support the msgr2 protocol. The msgr1 protocol is not affected. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.Show less
CVE-2020-13799 2Linaro Westerndigital 4Inand Cl Em132 Firmware Inand Ix Em132 FirmwareInand Ix Em132 Xi Firmware+1 more Nov 21, 2024 Nov 18, 2020 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe...Show more Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe. The RPMB protocol is specified by industry standards bodies and is implemented by storage devices from multiple vendors to assist host systems in securing trusted firmware. Several scenarios have been identified in which the RPMB state may be affected by an attacker without the knowledge of the trusted component that uses the RPMB feature.Show less
CVE-2020-12355 1Intel 1Trusted Execution Engine Nov 4, 2025 Nov 12, 2020 N/A· v4 6.8 MEDIUM· v3 4.6 MEDIUM· v2 Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physica...Show more Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.Show less
CVE-2018-19025 1Juuko 1K 808 Firmware Nov 21, 2024 Nov 2, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
CVE-2018-17932 1Juuko 1K 800 Firmware Nov 21, 2024 Nov 2, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, o...Show more JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.Show less
CVE-2020-27157 1Veritas 1Aptare Nov 21, 2024 Oct 15, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and...Show more Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.Show less
CVE-2020-24722 1Exposure Notifications Project 1Exposure Notifications Nov 21, 2024 Oct 7, 2020 N/A· v4 5.9 MEDIUM· v3 2.6 LOW· v2 An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksu...Show more An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS. The encrypted metadata block with a TX value lacks a checksum, allowing bitflipping to amplify a contamination attack. This can cause metadata deanonymization and risk-score inflation. NOTE: the vendor's position is "We do not believe that TX power authentication would be a useful defense against relay attacks.Show less
CVE-2019-11856 1Sierrawireless 1Aleos Nov 21, 2024 Aug 21, 2020 N/A· v4 3.8 LOW· v3 5.5 MEDIUM· v2 A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same crede...Show more A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.Show less

Previous 1...7 8910 11 Next