CWE-294
Authentication Bypass by Capture-replay
Description
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
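As an added illustration of the weakness (example code written for this page, not taken from CWE or from any product listed below; the two server classes, the message layout and the shared key are invented for the demo), the following shows a proof-of-possession exchange that a sniffed message can be replayed against, beside one that binds every proof to a fresh, single-use, expiring server challenge:

```python
"""Capture-replay against a MAC-based login, vulnerable vs. hardened.
All names and the shared key are constructed for this example."""
import hashlib
import hmac
import os
import time

SHARED_KEY = b"demo-shared-secret"   # constructed for the example only


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (prefixing avoids ambiguity
    between e.g. (b"ab", b"c") and (b"a", b"bc"))."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def client_proof(key: bytes, user: bytes, challenge: bytes) -> bytes:
    """What the client sends: a MAC binding the user to the challenge."""
    return mac(key, user, challenge)


class ReplayableServer:
    """Vulnerable (CWE-294): the 'nonce' is chosen by the client and never
    remembered, so any captured (user, nonce, proof) triple verifies again."""

    def __init__(self, key: bytes):
        self.key = key

    def verify(self, user: bytes, client_nonce: bytes, proof: bytes) -> bool:
        return hmac.compare_digest(mac(self.key, user, client_nonce), proof)


class ChallengeResponseServer:
    """Hardened: the server issues a random challenge per attempt, consumes it
    on first use, and refuses challenges older than ttl_seconds."""

    def __init__(self, key: bytes, ttl_seconds: float = 30.0, clock=time.monotonic):
        self.key = key
        self.ttl = ttl_seconds
        self.clock = clock          # injectable so expiry can be tested
        self._pending = {}          # challenge -> time issued

    def challenge(self) -> bytes:
        now = self.clock()
        # Drop expired challenges so the pending set cannot grow unbounded.
        self._pending = {c: t for c, t in self._pending.items() if now - t <= self.ttl}
        c = os.urandom(16)
        self._pending[c] = now
        return c

    def verify(self, user: bytes, challenge: bytes, proof: bytes) -> bool:
        issued = self._pending.pop(challenge, None)   # pop: single use
        if issued is None:
            return False                              # unknown or already consumed
        if self.clock() - issued > self.ttl:
            return False                              # stale challenge
        return hmac.compare_digest(mac(self.key, user, challenge), proof)


def demo_replay() -> dict:
    """Sniff one legitimate login and replay it against both servers."""
    user = b"alice"
    results = {}

    weak = ReplayableServer(SHARED_KEY)
    n = os.urandom(16)
    captured = (user, n, client_proof(SHARED_KEY, user, n))   # attacker sniffs this
    results["vulnerable_first"] = weak.verify(*captured)
    results["vulnerable_replay"] = weak.verify(*captured)      # identical bytes again

    strong = ChallengeResponseServer(SHARED_KEY)
    c = strong.challenge()
    captured = (user, c, client_proof(SHARED_KEY, user, c))
    results["hardened_first"] = strong.verify(*captured)
    results["hardened_replay"] = strong.verify(*captured)      # challenge already consumed
    c2 = strong.challenge()                                    # new session, old proof
    results["hardened_cross_challenge"] = strong.verify(user, c2, captured[2])
    return results


if __name__ == "__main__":
    for name, accepted in demo_replay().items():
        print(f"{name}: {'ACCEPTED' if accepted else 'rejected'}")
```

The three properties the hardened server enforces (server-chosen randomness, single use, bounded lifetime) are the same ones the entries below lost in different forms: a reusable TOTP code, a `jti` that is not tracked, a SAML assertion without replay detection, and a cephx ticket accepted more than once.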
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-102 · CAPEC-509 · CAPEC-555 · CAPEC-561 · CAPEC-60 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-701 · CAPEC-94
CVEs mapped to this weakness (89), page 5 of 5

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-38296 | — | — | 0.00 | — | 0.02 | — | Mar 10, 2022 | Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive… |
| CVE-2022-25838 | — | — | 0.00 | — | 0.01 | — | Feb 24, 2022 | Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept. |
| CVE-2021-45327 | — | — | 0.00 | — | 0.02 | — | Feb 8, 2022 | Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code. |
| CVE-2021-25835 | — | — | 0.00 | — | 0.01 | — | Feb 8, 2021 | Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with… |
| CVE-2021-25834 | — | — | 0.00 | — | 0.01 | — | Feb 8, 2021 | Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application. |
| CVE-2020-5300 | — | — | 0.00 | — | 0.01 | — | Apr 6, 2020 | In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the… |
| CVE-2020-5261 | — | — | 0.00 | — | 0.01 | — | Mar 25, 2020 | Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The… |
| CVE-2019-12887 | — | — | 0.00 | — | 0.01 | — | Jun 27, 2019 | KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). |
| CVE-2018-1128 | — | High | 0.00 | 7.5 | 0.01 | — | Jul 10, 2018 | It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and… |