Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2018-09-14 CVE-2018-16242 Authentication Bypass by Capture-replay vulnerability in O.Bike products
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass the locking mechanism by using Bluetooth Low Energy (BLE) to replay ciphertext based on a predictable nonce used in the locking protocol.
high complexity
o-bike CWE-294
5.3
2018-08-29 CVE-2018-7790 Authentication Bypass by Capture-replay vulnerability in Schneider-Electric Modicon M221 Firmware 1.1.1.5
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0).
network
low complexity
schneider-electric CWE-294
critical
9.8
2017-10-13 CVE-2017-11786 Authentication Bypass by Capture-replay vulnerability in Microsoft Lync and Skype for Business
Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business 2016 allows an attacker to steal an authentication hash that can be reused elsewhere, due to how Skype for Business handles authentication requests, aka "Skype for Business Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-294
8.8
2017-03-12 CVE-2017-6823 Authentication Bypass by Capture-replay vulnerability in Fiyo CMS 2.0.6.1
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
network
low complexity
fiyo CWE-294
8.8