Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

CVEs (217)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-15688 1Embedthis 1Goahead Nov 21, 2024 Jul 23, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS...Show more The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel.Show less
CVE-2020-10045 1Siemens 3Sicam Mmu Firmware Sicam Sgu FirmwareSicam T Firmware Nov 21, 2024 Jul 14, 2020 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentica...Show more A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.Show less
CVE-2020-4042 1Bareos 1Bareos Nov 21, 2024 Jul 10, 2020 N/A· v4 6.8 MEDIUM· v3 4.3 MEDIUM· v2 Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client its...Show more Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8.Show less
CVE-2020-9438 1Tinxy 1Smart Wifi Door Lock Firmware Nov 21, 2024 Jun 23, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. In other words, door-access revocation is mishandled.
CVE-2020-12692 2Canonical Openstack 2Keystone Ubuntu Linux Nov 21, 2024 May 7, 2020 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an...Show more An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.Show less
CVE-2020-5300 1Ory 1Hydra Nov 21, 2024 Apr 6, 2020 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the followi...Show more In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17Show less
CVE-2020-5261 1Sustainsys 1Saml2 Nov 21, 2024 Mar 25, 2020 N/A· v4 6.8 MEDIUM· v3 4.9 MEDIUM· v2 Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important def...Show more Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.Show less
CVE-2020-6972 1Honeywell 1Notifier Webserver Nov 21, 2024 Mar 24, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2019-20626 1Honda 1Hr V 2017 Firmware Nov 21, 2024 Mar 23, 2020 N/A· v4 6.5 MEDIUM· v3 3.3 LOW· v2 The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.
CVE-2020-10185 1Yubico 1Yubikey One Time Password Validation Server Nov 21, 2024 Mar 5, 2020 N/A· v4 8.6 HIGH· v3 6.8 MEDIUM· v2 The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service wit...Show more The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.Show less
CVE-2013-1351 1Veraxsystems 1Network Management System Nov 21, 2024 Jan 30, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.
CVE-2019-13533 1Omron 2Plc Cj Firmware Plc Cs Firmware Jun 2, 2026 Dec 16, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of indust...Show more In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.Show less
CVE-2019-12393 1Anviz 1Management System Nov 21, 2024 Dec 2, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
CVE-2019-18226 1Honeywell 64H2w2gr1 Firmware H2w2pc1m FirmwareH2w2per3 Firmware+61 more Nov 21, 2024 Oct 31, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication...Show more Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.Show less
CVE-2019-12887 1Keyidentity 1Linotp Nov 21, 2024 Jun 27, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
CVE-2019-11334 1Tzumi 2Klic Lock Klic Smart Padlock Model 5686 Firmware Nov 21, 2024 Jun 11, 2019 N/A· v4 3.7 LOW· v3 4.3 MEDIUM· v2 An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authenticat...Show more An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.Show less
CVE-2019-9158 1Gemalto 1Ezio Ds3 Server Nov 21, 2024 Jun 5, 2019 N/A· v4 5.7 MEDIUM· v3 2.7 LOW· v2 Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
CVE-2019-5307 1Huawei 2P30 Firmware P30 Pro Firmware Nov 21, 2024 Jun 4, 2019 N/A· v4 4.2 MEDIUM· v3 4.3 MEDIUM· v2 Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For th...Show more Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)Show less
CVE-2019-3915 1Verizon 1Fios Quantum Gateway G1100 Firmware Nov 21, 2024 Apr 11, 2019 N/A· v4 7.5 HIGH· v3 5.4 MEDIUM· v2 Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login req...Show more Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.Show less
CVE-2018-15498 1Ysoft 1Safeq Server Client Nov 21, 2024 Mar 21, 2019 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 YSoft SafeQ Server 6 allows a replay attack.

Previous 1...7 8 91011 Next