CWE:
 

Tytuł
Data
Autor
Med.
EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reuse
07.10.2020
LiquidWorm


Common Weakness Enumeration (CWE)

CVE
Szczegóły
Opis
2021-12-08
Medium
CVE-2021-41030

Vendor: Fortinet
Software: Forticlient ...
 

 
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7.0.1 and below and 6.4.4 and below may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

 
2021-10-22
Medium
CVE-2021-38459

Vendor: Auvesy
Software: Versiondog
 

 
The data of a network capture of the initial handshake phase can be used to authenticate at a SYSDBA level. If a specific .exe is not restarted often, it is possible to access the needed handshake packets between admin/client connections. Using the SYSDBA permission, an attacker can change user passwords or delete the database.

 
2021-10-06
Medium
CVE-2021-25480

Updating...
 

 
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.

 
2021-07-02
Medium
CVE-2020-23178

Vendor: Php-fusion
Software: Php-fusion
 

 
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.

 
2021-03-25
Medium
CVE-2021-27195

Updating...
 

 
Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an attacker to replay network traffic.

 
2021-02-08
Medium
CVE-2021-25835

Vendor: Chainsafe
Software: Ethermint
 

 
Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg content and chainIDEpoch, which enables "cross-chain transaction replay" attack.

 
Medium
CVE-2021-25834

Vendor: Chainsafe
Software: Ethermint
 

 
Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.

 
2021-01-19
Low
CVE-2020-27269

Updating...
 

 
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.

 
2020-12-18
Medium
CVE-2020-26172

Vendor: Tangro
Software: Business wor...
 

 
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.

 
Medium
CVE-2020-35551

Vendor: Google
Software: Android
 

 
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).

 

 


Copyright 2022, cxsecurity.com

 

Back to Top