Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2023-33281 MEDIUM

Nissan Sylphy Classic 2021 - Replay Attack

CVE-2023-20123 MEDIUM

Cisco Duo < 2.0.1 & Duo Authentication for Windows Logon and RDP < 4.2.2 - Authentication Bypass via Session Replay

CVE-2023-1886 HIGH

thorsten/phpmyfaq <3.1.12 - Auth Bypass

CVE-2023-1537 CRITICAL

answerdev/answer <1.0.6 - Auth Bypass

CVE-2023-23397 CRITICAL KEV

Microsoft Outlook - Privilege Escalation

CVE-2023-0014 CRITICAL

SAP NetWeaver ABAP Server/ABAP Platform - Info Disclosure

CVE-2023-0036 MEDIUM

OpenHarmony 3.0-3.0.5 - Authentication Bypass via platform_callback_stub

CVE-2023-0035 MEDIUM

OpenHarmony 3.0-3.0.5 - Authentication Bypass via SA Relay Attack

CVE-2022-46480 HIGH

Ultraloq UL3 2nd Gen Smart Lock <02.27.0012 - Info Disclosure

CVE-2022-48507 HIGH

Huawei EMUI and HarmonyOS - Authentication Bypass via Identity Verification Bypass

CVE-2022-47930 MEDIUM

IO FinNet tss-lib <2.0.0 - Info Disclosure

CVE-2022-45789 HIGH

Schneider-electric Ecostruxure Control Expert - Authentication Bypass

CVE-2022-43704 MEDIUM

Sinilink XY-WFT1 WiFi Remote Thermostat <1.3.6 - Auth Bypass

CVE-2022-38766 HIGH

Renault ZOE E-Tech Firmware - Authentication Bypass via Replay Attack

CVE-2022-2226 MEDIUM

Thunderbird < 91.11 and < 102 - Digital Signature Replay Attack via Date Mismatch

CVE-2022-25837 HIGH

Bluetooth Core Specification <5.3 - Unauthenticated MITM

CVE-2022-25836 HIGH

Bluetooth Core Specification <5.3 - Auth Bypass

CVE-2022-45914 MEDIUM

electronic_shelf_label_protocol - Unauthenticated Label Value Manipulation via 433 MHz RF Signals

CVE-2022-44555 HIGH

HarmonyOS - Service Hijacking via DDMP/ODMF Module

CVE-2022-44457 CRITICAL

Mendix SAML < 1.17.0 - Authentication Bypass via Capture-replay

CVE-2022-29475 HIGH

Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - Authentication Bypass via XFINDER Capture-replay

CVE-2022-41541 HIGH

TP-Link AX10v1 V1_211117 - Authentication Bypass via Replay Attack

CVE-2022-2780 HIGH

Octopus Server 2021.2.994-2022.1.3180 - NTLM Relay Attack via Git Connectivity Test

CVE-2022-42731 HIGH

django-mfa2 <2.5.1, <2.6.1 - Info Disclosure

CVE-2022-40621 HIGH

WAVLINK Quantum D4G - Info Disclosure

Previous Page 5 of 9 Next

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy