Vulnerabilities > Authentication Bypass by Capture-replay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-14 | CVE-2023-23397 | Authentication Bypass by Capture-replay vulnerability in Microsoft products Microsoft Outlook Elevation of Privilege Vulnerability | 9.8 |
| 2023-01-20 | CVE-2022-43704 | Authentication Bypass by Capture-replay vulnerability in Sinilink Xy-Wft1 Firmware 1.3.6 The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. | 5.9 |
| 2023-01-09 | CVE-2023-0035 | Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | 7.8 |
| 2023-01-09 | CVE-2023-0036 | Authentication Bypass by Capture-replay vulnerability in Openatom Openharmony platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | 7.8 |
| 2023-01-03 | CVE-2022-38766 | Authentication Bypass by Capture-replay vulnerability in Renault ZOE E-Tech Firmware 2021 The remote keyless system on Renault ZOE 2021 vehicles sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack. | 8.1 |
| 2022-12-22 | CVE-2022-2226 | Authentication Bypass by Capture-replay vulnerability in Mozilla Thunderbird An OpenPGP digital signature includes information about the date when the signature was created. | 6.5 |
| 2022-12-12 | CVE-2022-25836 | Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. | 7.5 |
| 2022-12-12 | CVE-2022-25837 | Authentication Bypass by Capture-replay vulnerability in Bluetooth Core Specification Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. | 7.5 |
| 2022-11-27 | CVE-2022-45914 | Authentication Bypass by Capture-replay vulnerability in Electronic Shelf Label Protocol Project Electronic Shelf Label Protocol The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. | 6.5 |
| 2022-11-14 | CVE-2021-38827 | Authentication Bypass by Capture-replay vulnerability in Xiongmaitech Xm-Jpr2-Lx Firmware 4.02.R12.A6420987.10002.147502.00000 Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. | 7.5 |