Vulnerabilities > Authentication Bypass by Capture-replay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-31 | CVE-2023-20900 | Authentication Bypass by Capture-replay vulnerability in multiple products A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 |
| 2023-07-20 | CVE-2023-34625 | Authentication Bypass by Capture-replay vulnerability in Showmojo Mojobox Firmware 1.4 ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. | 8.1 |
| 2023-07-06 | CVE-2022-48507 | Authentication Bypass by Capture-replay vulnerability in Huawei Emui and Harmonyos Vulnerability of identity verification being bypassed in the storage module. | 7.5 |
| 2023-06-30 | CVE-2023-2846 | Authentication Bypass by Capture-replay vulnerability in Mitsubishielectric products Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. | 9.1 |
| 2023-06-22 | CVE-2023-34553 | Authentication Bypass by Capture-replay vulnerability in Wafucn Wafu Keyless Smart Lock Firmware 1.0 An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. | 6.5 |
| 2023-06-19 | CVE-2023-29158 | Authentication Bypass by Capture-replay vulnerability in Subnet Powersystem Center 2020 SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | 9.1 |
| 2023-06-13 | CVE-2023-33621 | Authentication Bypass by Capture-replay vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215 GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. | 5.9 |
| 2023-05-24 | CVE-2023-31759 | Authentication Bypass by Capture-replay vulnerability in Keruistore Kerui W18 Firmware 1.0 Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | 7.5 |
| 2023-05-24 | CVE-2023-31761 | Authentication Bypass by Capture-replay vulnerability in Blitzwolf Bw-Is22 Firmware 1.0 Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | 7.5 |
| 2023-05-24 | CVE-2023-31762 | Authentication Bypass by Capture-replay vulnerability in Mydigoo Dg-Hamb Firmware 1.0 Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | 7.5 |