Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2020-04-06 CVE-2020-5300 Authentication Bypass by Capture-replay vulnerability in ORY Hydra
In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], the OpenID specification says the following about the assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token.
network
high complexity
ory CWE-294
5.3
2020-03-25 CVE-2020-5261 Authentication Bypass by Capture-replay vulnerability in Sustainsys Saml2
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2), in versions greater than 2.0.0 and less than 2.5.0, have a faulty implementation of Token Replay Detection.
network
high complexity
sustainsys CWE-294
6.8
2020-03-24 CVE-2020-6972 Authentication Bypass by Capture-replay vulnerability in Honeywell Notifier Webserver 3.50
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
network
low complexity
honeywell CWE-294
critical
9.1
2020-03-23 CVE-2019-20626 Authentication Bypass by Capture-replay vulnerability in Honda Hr-V 2017 Firmware
The remote keyless system on Honda HR-V 2017 vehicles sends the same RF signal for each door-open request, which might allow a replay attack.
low complexity
honda CWE-294
6.5
2020-03-05 CVE-2020-10185 Authentication Bypass by Capture-replay vulnerability in Yubico Yubikey ONE Time Password Validation Server
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP.
network
low complexity
yubico CWE-294
8.6
2020-01-30 CVE-2013-1351 Authentication Bypass by Capture-replay vulnerability in Veraxsystems Network Management System
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.
network
high complexity
veraxsystems CWE-294
5.9
2019-12-16 CVE-2019-13533 Authentication Bypass by Capture-replay vulnerability in Omron PLC CJ Firmware and PLC CS Firmware
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
network
high complexity
omron CWE-294
8.1
2019-12-02 CVE-2019-12393 Authentication Bypass by Capture-replay vulnerability in Anviz Management System
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
network
low complexity
anviz CWE-294
7.5
2019-10-31 CVE-2019-18226 Authentication Bypass by Capture-replay vulnerability in Honeywell products
In Honeywell equIP series and Performance series IP cameras and recorders, a potential replay attack vulnerability exists because a weak authentication method is retained for compatibility with legacy products.
network
low complexity
honeywell CWE-294
critical
9.8
2019-06-27 CVE-2019-12887 Authentication Bypass by Capture-replay vulnerability in Keyidentity Linotp
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
network
high complexity
keyidentity CWE-294
8.1