Vulnerabilities > Authentication Bypass by Capture-replay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-41541 | Authentication Bypass by Capture-replay vulnerability in Tp-Link Ax10 Firmware V1211117 TP-Link AX10v1 V1_211117 allows attackers to execute a replay attack by using a previously transmitted encrypted authentication message and valid authentication token. | 8.1 |
| 2022-10-14 | CVE-2022-2780 | Authentication Bypass by Capture-replay vulnerability in Octopus Server In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack. | 8.1 |
| 2022-10-11 | CVE-2022-42731 | Authentication Bypass by Capture-replay vulnerability in Django-Mfa2 Project Django-Mfa2 mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. | 7.5 |
| 2022-09-13 | CVE-2022-40621 | Authentication Bypass by Capture-replay vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack. | 7.5 |
| 2022-09-13 | CVE-2022-37011 | Authentication Bypass by Capture-replay vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). | 9.8 |
| 2022-09-07 | CVE-2022-36089 | Authentication Bypass by Capture-replay vulnerability in Kubevela KubeVela is an application delivery platform Users using KubeVela's VelaUX APIServer could be affected by an authentication bypass vulnerability. | 9.8 |
| 2022-08-24 | CVE-2022-36945 | Authentication Bypass by Capture-replay vulnerability in Mazda Firmware 2020 The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. | 6.4 |
| 2022-08-24 | CVE-2022-37305 | Authentication Bypass by Capture-replay vulnerability in Honda Firmware The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. | 6.4 |
| 2022-08-24 | CVE-2022-37418 | Authentication Bypass by Capture-replay vulnerability in multiple products The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. | 6.4 |
| 2022-07-15 | CVE-2022-31158 | Authentication Bypass by Capture-replay vulnerability in Packback LTI 1.3 Tool Library LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. | 7.5 |