Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2024-29851 HIGH

Veeam Backup Enterprise Manager - Info Disclosure

CVE-2024-29850 HIGH

Veeam Backup Enterprise Manager - Privilege Escalation

CVE-2024-29901 MEDIUM

AuthKit <0.4.2 - Expired Session Reuse via x-workos-session Header

CVE-2023-50786 MEDIUM

Dradis < 4.16.0 - Net-NTLM Hash Theft via External Image Reference

CVE-2023-47435 CRITICAL

hexo-theme-matery v2.0.0 - Auth Bypass

CVE-2023-49231 CRITICAL

Stilog Visual Planning 8 - Auth Bypass

CVE-2023-6374 MEDIUM

Mitsubishi Electric Corporation MELSEC WS Series - Auth Bypass

CVE-2023-46892 HIGH

Meross MSH30Q <4.5.23 - Replay Attack

CVE-2023-50128 MEDIUM

Hozard Alarm System <v1.0 - Replay Attack

CVE-2023-39547 HIGH

CLUSTERPRO X <5.1 - Command Injection

CVE-2023-45794 MEDIUM

Mendix 10<10.4.0, Mendix 7<7.23.37, Mendix 8<8.18.27, Mendix 9<9.24...

CVE-2023-36857 MEDIUM

Baker Hughes - Bently Nevada 3500 System TDI Firmware <5.05 - Replay

CVE-2023-41890 HIGH

Sustainsys.Saml2 <1.0.3, <2.9.2 - Info Disclosure

CVE-2023-30909 CRITICAL

HP OneView < 8.30.01 - Authentication Bypass via API Capture-replay

CVE-2023-39373 HIGH

Hyundai 2017 Firmware - Authentication Bypass via Capture-replay

CVE-2023-20900 HIGH

VMware vSphere <8.0 - Privilege Escalation

CVE-2023-34625 HIGH

ShowMojo MojoBox Digital Lockbox 1.4 - Authentication Bypass via BLE Replay Attack

CVE-2023-2846 HIGH

Mitsubishi Electric Corporation MELSEC iQ-F Series - Auth Bypass

CVE-2023-34553 MEDIUM

WAFU Keyless Smart Lock v1.0 - Code Injection

CVE-2023-29158 MEDIUM

SUBNET PowerSYSTEM Center <2020 U10 - DoS

CVE-2023-33621 MEDIUM

GL.iNET GL-AR750S-Ext <3.215 - Auth Bypass

CVE-2023-31763 HIGH

AGShome Smart Alarm v1.0 - Info Disclosure

CVE-2023-31762 HIGH

Digoo DG-HAMB Smart Home Security System v1.0 - Code Injection

CVE-2023-31761 HIGH

Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 - Authentication Bypass via Code Replay Attack

CVE-2023-31759 HIGH

Kerui W18 Alarm System v1.0 - Code Injection

Previous Page 4 of 9 Next

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy