CWE:
 

Topic
Date
Author
Med.
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
07.10.2020
LiquidWorm


CVEMAP Search Results

CVE
Details
Description
2021-07-02
Medium
CVE-2020-23178

Vendor: Php-fusion
Software: Php-fusion
 

 
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.

 
2021-03-25
Medium
CVE-2021-27195

Updating...
 

 
Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic.

 
2021-02-08
Medium
CVE-2021-25835

Vendor: Chainsafe
Software: Ethermint
 

 
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.

 
Medium
CVE-2021-25834

Vendor: Chainsafe
Software: Ethermint
 

 
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.

 
2021-01-19
Low
CVE-2020-27269

Updating...
 

 
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.

 
2020-12-18
Medium
CVE-2020-35551

Vendor: Google
Software: Android
 

 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).

 
Medium
CVE-2020-26172

Vendor: Tangro
Software: Business wor...
 

 
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.

 
2020-12-15
Low
CVE-2020-14302

Vendor: Redhat
Software: Keycloak
 

 
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

 
2020-12-14
Medium
CVE-2020-25229

Updating...
 

 
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The implemented encryption for communication with affected devices is prone to replay attacks due to the usage of a static key. An attacker could change the password or change the configuration on any affected device if using prepared messages that were generated for another device.

 
2020-11-02
Waiting for details
CVE-2018-19025

Updating...
 

 
In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).

 

 


Copyright 2021, cxsecurity.com

 

Back to Top