Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-294

CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

219 vulnerabilities with CWE-294

CVE-2022-37011 CRITICAL

Mendix SAML <1.17.0, <2.3.0, <3.3.0 - Auth Bypass

CVE-2022-36089 HIGH

KubeVela <1.4.11, <1.5.4 - Auth Bypass

CVE-2022-37418 MEDIUM

Nissan, Kia, and Hyundai Firmware < 2017 - Authentication Bypass via RollBack Replay Attack

CVE-2022-37305 MEDIUM

Honda Firmware < 2018 - Authentication Bypass via RollBack Replay Attack

CVE-2022-36945 MEDIUM

Mazda Vehicles Through 2020 - Remote Unlock via RollBack Key-Fob Replay

CVE-2022-31158 HIGH

LTI 1.3 Tool Library <5.0 - Info Disclosure

CVE-2022-29593 MEDIUM

Dingtian DT-R002 3.1.276A - Unauthenticated Authentication Bypass via HTTP Request Replay

CVE-2022-33971 HIGH

OMRON NX7/NX1/NJ Series Firmware < 1.28/1.48 - Authentication Bypass by Capture-replay

CVE-2022-33208 HIGH

Machine automation controller - Auth Bypass

CVE-2022-30467 MEDIUM

Joyebike Wolf 2022 Firmware - Denial of Service via RF Key Fob Request Jamming

CVE-2022-31277 HIGH

Xiaomi Lamp 1 <v2.0.4_0066 - Open Redirect

CVE-2022-30466 MEDIUM

joybike Wolf Firmware - Authentication Bypass via Capture-replay

CVE-2022-31265 HIGH

Wargaming World of Warships <0.11.4 - RCE

CVE-2022-29334 CRITICAL

H v1.0 - Auth Bypass

CVE-2022-29878 HIGH

SICAM T < V3.0 - Info Disclosure

CVE-2022-25159 HIGH

Mitsubishielectric Fx5uc Firmware - Authentication Bypass

CVE-2022-22936 HIGH

SaltStack Salt <3002.8-3004.1 - Privilege Escalation

CVE-2022-27254 MEDIUM

Honda Civic 2018 Firmware - Authentication Bypass via RF Signal Replay Attack

CVE-2022-22806 CRITICAL

Schneider Electric SmartConnect UPS Family - Unauthenticated Authentication Bypass via Malformed Connection

CVE-2022-25838 HIGH

Laravel Fortify <1.11.1 - Info Disclosure

CVE-2021-27289 CRITICAL

Ksix Zigbee Smart Home Kit <1.0.3 <1.0.7 - Replay Attack via Frame Counter

CVE-2021-38827 HIGH

Xiongmai Camera XM-JPR2-LX - Account Takeover

CVE-2021-46835 MEDIUM

Huawei WS7200-10 Firmware 11.0.2.13 - Traffic Hijacking via Authentication Bypass by Capture-replay

CVE-2021-22640 HIGH

Ovarro TBox < 1.46 - Insufficiently Protected Credentials via Communication Capture

CVE-2021-38296 HIGH

Apache Spark <3.1.2 - Info Disclosure

Previous Page 6 of 9 Next

Details

Vulnerabilities 219

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy