Vulnerabilities > Authentication Bypass by Capture-replay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-10 | CVE-2020-4042 | Authentication Bypass by Capture-replay vulnerability in Bareos Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. | 6.8 |
| 2020-06-23 | CVE-2020-9438 | Authentication Bypass by Capture-replay vulnerability in Tinxy Smart Wifi Door Lock Firmware Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock request that occurred when the attacker was previously authorized. | 5.9 |
| 2020-05-07 | CVE-2020-12692 | Authentication Bypass by Capture-replay vulnerability in multiple products An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. | 5.4 |
| 2020-04-06 | CVE-2020-5300 | Authentication Bypass by Capture-replay vulnerability in ORY Hydra In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. | 5.3 |
| 2020-03-25 | CVE-2020-5261 | Authentication Bypass by Capture-replay vulnerability in Sustainsys Saml2 Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. | 6.8 |
| 2020-03-24 | CVE-2020-6972 | Authentication Bypass by Capture-replay vulnerability in Honeywell Notifier Webserver 3.50 In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser. | 9.1 |
| 2020-03-23 | CVE-2019-20626 | Authentication Bypass by Capture-replay vulnerability in Honda Hr-V 2017 Firmware The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack. | 6.5 |
| 2020-03-05 | CVE-2020-10185 | Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. | 8.6 |
| 2020-01-30 | CVE-2013-1351 | Authentication Bypass by Capture-replay vulnerability in Veraxsystems Network Management System Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password. | 5.9 |
| 2019-12-16 | CVE-2019-13533 | Authentication Bypass by Capture-replay vulnerability in Omron PLC CJ Firmware and PLC CS Firmware In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves. | 8.1 |