VYPR

CWE-294

Authentication Bypass by Capture-replay

Abstraction: Base · Status: Incomplete · Likelihood of exploit: High

Description

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying the captured messages to the server, either unchanged or with minor changes, so that they have the same effect as the original message.

Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously sent valid commands, changing them slightly if necessary, and resending the same commands to the server.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-102 · CAPEC-509 · CAPEC-555 · CAPEC-561 · CAPEC-60 · CAPEC-644 · CAPEC-645 · CAPEC-652 · CAPEC-701 · CAPEC-94

CVEs mapped to this weakness (89)

page 5 of 5
  • CVE-2021-38296 · Mar 10, 2022
    risk 0.00 · cvss – · epss 0.02

    Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive…

  • CVE-2022-25838 · Feb 24, 2022
    risk 0.00 · cvss – · epss 0.01

    Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.

  • CVE-2021-45327 · Feb 8, 2022
    risk 0.00 · cvss – · epss 0.02

    Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.

  • CVE-2021-25835 · Feb 8, 2021
    risk 0.00 · cvss – · epss 0.01

    Cosmos Network Ethermint <= v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with…

  • CVE-2021-25834 · Feb 8, 2021
    risk 0.00 · cvss – · epss 0.01

    Cosmos Network Ethermint <= v0.4.0 is affected by a transaction replay vulnerability in the EVM module. If the victim sends a very large nonce transaction, the attacker can replay the transaction through the application.

  • CVE-2020-5300 · Apr 6, 2020
    risk 0.00 · cvss – · epss 0.01

    In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the…

  • CVE-2020-5261 · Mar 25, 2020
    risk 0.00 · cvss – · epss 0.01

    Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The…

  • CVE-2019-12887 · Jun 27, 2019
    risk 0.00 · cvss – · epss 0.01

    KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).

  • CVE-2018-1128 · High · Jul 10, 2018
    risk 0.00 · cvss 7.5 · epss 0.01

    It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and…