Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2024-11-09 CVE-2024-36250 Authentication Bypass by Capture-replay vulnerability in Mattermost Server
Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within ~30 seconds
network
high complexity
mattermost CWE-294
4.8
2024-10-29 CVE-2024-22066 Authentication Bypass by Capture-replay vulnerability in ZTE products
There is a privilege escalation vulnerability in ZTE ZXR10 ZSR V2 intelligent multi service router .
network
low complexity
zte CWE-294
6.5
2024-09-18 CVE-2024-39081 Authentication Bypass by Capture-replay vulnerability in Jktyre Smart Tyre CAR & Bike 4.2.0
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.
high complexity
jktyre CWE-294
4.2
2024-08-30 CVE-2024-8260 Authentication Bypass by Capture-replay vulnerability in Openpolicyagent Open Policy Agent
A SMB force-authentication vulnerability exists in all versions of OPA for Windows prior to v0.68.0.
local
low complexity
openpolicyagent CWE-294
7.3
2024-08-27 CVE-2024-3982 Authentication Bypass by Capture-replay vulnerability in Hitachienergy Microscada X Sys600
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the session logging supporting the product and try to exploit a session hijacking of an already established session.
local
low complexity
hitachienergy CWE-294
8.2
2024-07-30 CVE-2024-5249 Authentication Bypass by Capture-replay vulnerability in Perforce Akana API
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed.
network
low complexity
perforce CWE-294
7.5
2024-06-26 CVE-2024-38272 Authentication Bypass by Capture-replay vulnerability in Google Nearby
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
low complexity
google CWE-294
4.3
2024-06-12 CVE-2024-34065 Authentication Bypass by Capture-replay vulnerability in Strapi
Strapi is an open-source content management system.
network
low complexity
strapi CWE-294
8.1
2024-06-05 CVE-2024-4009 Authentication Bypass by Capture-replay vulnerability in ABB products
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows attacker to capture/replay KNX telegram to local KNX Bus-System
local
low complexity
abb CWE-294
7.8
2024-01-23 CVE-2023-46892 Authentication Bypass by Capture-replay vulnerability in Meross Msh30Q Firmware 4.5.23
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to replay attacks, allowing attackers to record and replay previously captured communication to execute unauthorized commands or actions (e.g., thermostat's temperature).
low complexity
meross CWE-294
8.8