Vulnerabilities > Authentication Bypass by Capture-replay
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-10 | CVE-2021-38296 | Authentication Bypass by Capture-replay vulnerability in multiple products Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". | 7.5 |
| 2022-02-24 | CVE-2021-39364 | Authentication Bypass by Capture-replay vulnerability in Honeywell Hbw2Per1 Firmware and Hdzp252Di Firmware Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for camera control) after ARP cache poisoning has been achieved. | 7.5 |
| 2022-02-24 | CVE-2022-25838 | Authentication Bypass by Capture-replay vulnerability in Laravel Fortify Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. | 8.1 |
| 2022-01-06 | CVE-2021-46145 | Authentication Bypass by Capture-replay vulnerability in Honda Civic 2012 The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. | 5.3 |
| 2021-12-15 | CVE-2021-40170 | Authentication Bypass by Capture-replay vulnerability in Securitashome Alarm System Firmware Hpgwg0.0.2.23Fbguitrf1Bdbl.A30.20181117 An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to trigger arbitrary system functionality by replaying previously recorded signals. | 6.8 |
| 2021-12-08 | CVE-2021-41030 | Authentication Bypass by Capture-replay vulnerability in Fortinet Forticlient Enterprise Management Server An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages. | 9.1 |
| 2021-10-07 | CVE-2021-35067 | Authentication Bypass by Capture-replay vulnerability in Meross Msg100 Firmware Meross MSG100 devices before 3.2.3 allow an attacker to replay the same data or similar data (e.g., an attacker who sniffs a Close message can transmit an acceptable Open message). | 8.1 |
| 2021-10-06 | CVE-2021-25480 | Authentication Bypass by Capture-replay vulnerability in Google Android A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. | 7.5 |
| 2021-09-15 | CVE-2021-27662 | Authentication Bypass by Capture-replay vulnerability in Johnsoncontrols Kantech Kt-1 Door Controller Firmware The KT-1 door controller is susceptible to replay or man-in-the-middle attacks where an attacker can record and replay TCP packets. | 8.1 |
| 2021-07-26 | CVE-2021-26824 | Authentication Bypass by Capture-replay vulnerability in DM Fingertool Project DM Fingertool 1.19 DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB. | 7.1 |