CVEbaza.plCWE DictionaryCWE-294
Common Weakness Enumeration

CWE-294

Authentication Bypass by Capture-replay

Category: BaseCVE: 281
Description

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

Extended Description

Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.

CVE vulnerabilities with CWE-294 (281)
10.0
CVSS
CRITICAL
CVE-2025-49752

Azure Bastion Elevation of Privilege Vulnerability

pub. 2025-11-20
9.8
CVSS
CRITICAL
CVE-2025-67135

Weak Security in the PF-50 1.2 keyfob of PGST PG107 Alarm System 1.25.05.hf allows attackers to compromise access control via a code replay attack.

pub. 2026-02-11
9.8
CVSS
CRITICAL
CVE-2025-65552

D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message authentication, or anti-replay protection, allowing an attacker within RF range to record valid alarm/control frames and replay them to trigger false alarms.

pub. 2026-01-12
9.8
CVSS
CRITICAL
CVE-2024-38438

D-Link - CWE-294: Authentication Bypass by Capture-replay

pub. 2024-07-21
9.8
CVSS
CRITICAL
CVE-2023-47435

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages.

pub. 2024-04-19
9.8
CVSS
CRITICAL
CVE-2023-49231

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token.

pub. 2024-03-29
9.8
CVSS
CRITICAL
CVE-2023-30909

A remote authentication bypass issue exists in some OneView APIs.

pub. 2023-09-14
9.8
CVSS
CRITICAL
CVE-2023-1537

Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.

pub. 2023-03-21
9.8
CVSS
CRITICAL
CVE-2023-23397

Microsoft Outlook Elevation of Privilege Vulnerability

pub. 2023-03-14🚩 CISA KEV⚡ EXPLOIT
9.8
CVSS
CRITICAL
CVE-2022-44457

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.0 < V1.17.2), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.2), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.1 < V3.3.5), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.4). Affected versions of the module insufficiently protect from packet capture replay, only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled. This CVE entry describes the incomplete fix for CVE-2022-37011 in a specific non default configuration.

pub. 2022-11-08
9.8
CVSS
CRITICAL
CVE-2022-37011

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the not recommended, non default configuration option `'Allow Idp Initiated Authentication'` is enabled.

pub. 2022-09-13
9.8
CVSS
CRITICAL
CVE-2022-29334

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.

pub. 2022-05-24
9.8
CVSS
CRITICAL
CVE-2022-22806

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

pub. 2022-03-09
9.8
CVSS
CRITICAL
CVE-2020-35551

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020).

pub. 2020-12-18
9.8
CVSS
CRITICAL
CVE-2018-17932

JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running.

pub. 2020-11-02
9.8
CVSS
CRITICAL
CVE-2018-19025

In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.).

pub. 2020-11-02
9.8
CVSS
CRITICAL
CVE-2019-18226

Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.

pub. 2019-10-31
9.8
CVSS
CRITICAL
CVE-2018-7790

An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.

pub. 2018-08-29
9.8
CVSS
CRITICAL
CVE-2017-3191

D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials.

pub. 2017-12-16
9.8
CVSS
CRITICAL
CVE-2017-6034

An authentication bypass by capture-replay issue was discovered in Schneider Electric Modicon Modbus Protocol. Sensitive information is transmitted in cleartext in the Modicon Modbus protocol, which may allow an attacker to replay the following commands: run, stop, upload, and download.

pub. 2017-06-30
Showing 20 of 281 vulnerabilities
Information
ID: CWE-294
Type: Base
Vulnerabilities: 281
MITRE CWE ↗
← CWE Dictionary