Vulnerabilities > Authentication Bypass by Capture-replay

DATE CVE VULNERABILITY TITLE RISK
2020-12-15 CVE-2020-14302 Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter.
network
low complexity
redhat CWE-294
4.0
2020-11-23 CVE-2020-25660 Authentication Bypass by Capture-replay vulnerability in multiple products
A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus.
low complexity
redhat fedoraproject CWE-294
8.8
2020-11-18 CVE-2020-13799 Authentication Bypass by Capture-replay vulnerability in multiple products
Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe.
local
low complexity
westerndigital linaro CWE-294
4.6
2020-11-12 CVE-2020-12355 Authentication Bypass by Capture-replay vulnerability in Intel Trusted Execution Engine 3.0/3.1.75/4.0.25
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
local
low complexity
intel CWE-294
4.6
2020-11-02 CVE-2018-19025 Authentication Bypass by Capture-replay vulnerability in Juuko K-808 Firmware
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).
network
low complexity
juuko CWE-294
critical
10.0
2020-11-02 CVE-2018-17932 Authentication Bypass by Capture-replay vulnerability in Juuko K-800 Firmware
JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.
network
low complexity
juuko CWE-294
critical
10.0
2020-10-20 CVE-2020-15931 Authentication Bypass by Capture-replay vulnerability in Netwrix Account Lockout Examiner
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.
network
low complexity
netwrix CWE-294
5.0
2020-10-15 CVE-2020-27157 Authentication Bypass by Capture-replay vulnerability in Veritas Aptare 10.4
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server.
network
veritas CWE-294
6.8
2020-10-07 CVE-2020-24722 Authentication Bypass by Capture-replay vulnerability in Exposure Notifications Project Exposure Notifications 20201005
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS.
network
high complexity
exposure-notifications-project CWE-294
5.9
2020-08-21 CVE-2019-11856 Authentication Bypass by Capture-replay vulnerability in Sierrawireless Aleos
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay.
network
low complexity
sierrawireless CWE-294
5.5