Vulnerabilities > Authentication Bypass by Capture-replay

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2022-10-14 | CVE-2022-2780 | Authentication Bypass by Capture-replay vulnerability in Octopus Server | In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | network, high complexity, octopus, CWE-294, 8.1 |
| 2022-10-11 | CVE-2022-42731 | Authentication Bypass by Capture-replay vulnerability in Django-Mfa2 Project Django-Mfa2 | mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. | network, low complexity, django-mfa2-project, CWE-294, 7.5 |
| 2022-09-13 | CVE-2022-40621 | Authentication Bypass by Capture-replay vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 | Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack. | network, high complexity, wavlink, CWE-294, 7.5 |
| 2022-08-24 | CVE-2022-36945 | Authentication Bypass by Capture-replay vulnerability in Mazda Firmware 2020 | The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. | high complexity, mazda, CWE-294, 6.4 |
| 2022-08-24 | CVE-2022-37305 | Authentication Bypass by Capture-replay vulnerability in Honda Firmware | The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. | high complexity, honda, CWE-294, 6.4 |
| 2022-08-24 | CVE-2022-37418 | Authentication Bypass by Capture-replay vulnerability in multiple products | The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. | high complexity, nissan kia hyundai, CWE-294, 6.4 |
| 2022-07-15 | CVE-2022-31158 | Authentication Bypass by Capture-replay vulnerability in Packback LTI 1.3 Tool Library | LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. | network, low complexity, packback, CWE-294, 7.5 |
| 2022-07-14 | CVE-2022-29593 | Authentication Bypass by Capture-replay vulnerability in Dingtian-Tech Dt-R004 Firmware 3.1.276A | relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. | network, high complexity, dingtian-tech, CWE-294, 5.9 |
| 2022-07-04 | CVE-2022-33208 | Authentication Bypass by Capture-replay vulnerability in Omron products | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. | network, high complexity, omron, CWE-294, 8.1 |
| 2022-07-04 | CVE-2022-33971 | Authentication Bypass by Capture-replay vulnerability in Omron products | Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. | high complexity, omron, CWE-294, 7.5 |