CWE:
 

Topic
Date
Author
Med.
Dingtian-DT-R002 3.1.276A Authentication Bypass
02.08.2022
Victor Hanna
Med.
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
07.10.2020
LiquidWorm


CVEMAP Search Results

CVE
Details
Description
2024-07-21
Waiting for details
CVE-2024-38438

Updating...
 

 
D-Link - CWE-294: Authentication Bypass by Capture-replay

 
2024-06-13
Waiting for details
CVE-2024-38284

Updating...
 

 
Transmitted data is logged between the device and the backend service. An attacker could use these logs to perform a replay attack to replicate calls.

 
2024-01-30
Waiting for details
CVE-2023-6374

Updating...
 

 
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all serial numbers allows a remote unauthenticated attacker to bypass authentication by capture-replay attack and illegally login to the affected module. As a result, the remote attacker who has logged in illegally may be able to disclose or tamper with the programs and parameters in the modules.

 
2023-09-03
Waiting for details
CVE-2023-39373

Updating...
 

 
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.

 
2023-06-19
Waiting for details
CVE-2023-29158

Updating...
 

 
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.

 
2023-04-10
Waiting for details
CVE-2023-27987

Updating...
 

 
In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token

 
2023-04-05
Waiting for details
CVE-2023-1886

Updating...
 

 
Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.

 
2023-03-21
Waiting for details
CVE-2023-1537

Updating...
 

 
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

 
2023-01-31
Waiting for details
CVE-2022-45789

Updating...
 

 
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure�?? Control Expert (All Versions), EcoStruxure�?? Process Expert (Version V2020 & prior), Modicon M340 CPU (part numbers BMXP34*) (All Versions), Modicon M580 CPU (part numbers BMEP* and BMEH*) (All Versions), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions)

 
2023-01-10
Waiting for details
CVE-2023-0014

Updating...
 

 
SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system.

 

 


Copyright 2024, cxsecurity.com

 

Back to Top