CWE-294

High likelihood

Authentication Bypass by Capture-replay

Parent: CWE-1390 - Weak Authentication

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

210 vulnerabilities with CWE-294
CVE-2018-14781 MEDIUM
Medtronic MiniMed MMT - Capture-Replay
CVSS 5.3
CVE-2018-1128 HIGH
Ceph <master,mimic,luminous,jewel - Auth Bypass
CVSS 7.5
CVE-2017-5251 HIGH
Insteon Hub <1012 - Info Disclosure
CVSS 8.1
CVE-2017-3191 CRITICAL
D-link Dir-130 Firmware - Authentication Bypass
CVSS 9.8
CVE-2017-11786 HIGH
Microsoft Lync/Skype for Business - Privilege Escalation
CVSS 8.8
CVE-2017-6034 CRITICAL
Schneider-electric Modbus Firmware - Authentication Bypass
CVSS 9.8
CVE-2017-6823 HIGH
Fiyo CMS 2.0.6.1 - Privilege Escalation
CVSS 8.8
CVE-2013-1351 MEDIUM
Verax NMS <2.10 - Auth Bypass
CVSS 5.9
CVE-2011-20002 HIGH
SIMATIC S7-1200 CPU - Capture-Replay
CVSS 7.4
CVE-2002-0054
Microsoft Windows 2000/Exchange Server 5.5 - Auth Bypass
Details
Vulnerabilities 210
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits