Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2023-0036 Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony
platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege.
local
low complexity
openatom CWE-294
7.8
2023-01-03 CVE-2022-38766 Authentication Bypass by Capture-replay vulnerability in Renault ZOE E-Tech Firmware 2021
The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack.
low complexity
renault CWE-294
8.1
2022-12-22 CVE-2022-2226 Authentication Bypass by Capture-replay vulnerability in Mozilla Thunderbird
An OpenPGP digital signature includes information about the date when the signature was created.
network
low complexity
mozilla CWE-294
6.5
2022-12-12 CVE-2022-25836 Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator.
high complexity
bluetooth CWE-294
7.5
2022-12-12 CVE-2022-25837 Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code.
high complexity
bluetooth CWE-294
7.5
2022-11-27 CVE-2022-45914 Authentication Bypass by Capture-replay vulnerability in Electronic Shelf Label Protocol Project Electronic Shelf Label Protocol
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.
6.5
2022-11-14 CVE-2021-38827 Authentication Bypass by Capture-replay vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.
high complexity
xiongmaitech CWE-294
7.5
2022-11-08 CVE-2022-44457 Authentication Bypass by Capture-replay vulnerability in Mendix Saml
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4).
network
low complexity
mendix CWE-294
critical
9.8
2022-11-08 CVE-2020-35473 Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification
An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specifications 5.0 through 5.2, may be used to identify devices using Resolvable Private Addressing (RPA) by their response or non-response to specific scan requests from remote addresses.
low complexity
bluetooth CWE-294
4.3
2022-10-18 CVE-2022-41541 Authentication Bypass by Capture-replay vulnerability in Tp-Link Ax10 Firmware V1211117
TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token.
network
high complexity
tp-link CWE-294
8.1