Vulnerabilities > Authentication Bypass by Capture-replay

DATE | CVE | VULNERABILITY TITLE | RISK

2022-11-14 | CVE-2021-38827 | Authentication Bypass by Capture-replay vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.
high complexity | xiongmaitech | CWE-294 | 7.5

2022-11-08 | CVE-2022-44457 | Authentication Bypass by Capture-replay vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 7 compatible) (All versions >= V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4).
network | low complexity | mendix | CWE-294 | critical | 9.8

2022-11-08 | CVE-2020-35473 | Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses.
low complexity | bluetooth | CWE-294 | 4.3

2022-10-25 | CVE-2022-29475 | Authentication Bypass by Capture-replay vulnerability in Goabode Iota All-In-One Security KIT Firmware 6.9X/6.9Z
An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc.
network | high complexity | goabode | CWE-294 | 8.1

2022-10-18 | CVE-2022-41541 | Authentication Bypass by Capture-replay vulnerability in Tp-Link Ax10 Firmware V1211117
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token.
network | high complexity | tp-link | CWE-294 | 8.1

2022-10-14 | CVE-2022-2780 | Authentication Bypass by Capture-replay vulnerability in Octopus Server
In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack.
network | high complexity | octopus | CWE-294 | 8.1

2022-10-11 | CVE-2022-42731 | Authentication Bypass by Capture-replay vulnerability in Django-Mfa2 Project Django-Mfa2
mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user.
network | low complexity | django-mfa2-project | CWE-294 | 7.5

2022-09-13 | CVE-2022-37011 | Authentication Bypass by Capture-replay vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML Module (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML Module (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0).
network | low complexity | mendix | CWE-294 | critical | 9.8

2022-07-14 | CVE-2022-29593 | Authentication Bypass by Capture-replay vulnerability in Dingtian-Tech Dt-R004 Firmware 3.1.276A
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request.
network | high complexity | dingtian-tech | CWE-294 | 5.9

2022-07-04 | CVE-2022-33208 | Authentication Bypass by Capture-replay vulnerability in Omron products
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.
network | omron | CWE-294 | 6.8