Vulnerabilities (CVE)

Filtered by CWE-294
Total 147 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12692 2 Canonical, Openstack 2 Ubuntu Linux, Keystone 2024-02-28 5.5 MEDIUM 5.4 MEDIUM
An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times.
CVE-2020-10045 1 Siemens 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more 2024-02-28 6.8 MEDIUM 8.8 HIGH
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application.
CVE-2020-6972 1 Honeywell 1 Notifier Webserver 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell Fire Web Server’s authentication may be bypassed by a capture-replay attack from a web browser.
CVE-2020-5261 1 Sustainsys 1 Saml2 2024-02-28 4.9 MEDIUM 6.8 MEDIUM
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use. Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 have a faulty implementation of Token Replay Detection. Token Replay Detection is an important defense measure for Single Sign On solutions. The 2.5.0 version is patched. Note that version 1.0.1 and prior versions are not affected. These versions have a correct Token Replay Implementation and are safe to use.
CVE-2019-11856 1 Sierrawireless 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more 2024-02-28 5.5 MEDIUM 3.8 LOW
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay. Captured traffic to the ACEView service can be replayed to other gateways sharing the same credentials.
CVE-2019-13533 1 Omron 2 Plc Cj Firmware, Plc Cs Firmware 2024-02-28 6.8 MEDIUM 8.1 HIGH
In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening and closing of industrial valves.
CVE-2019-18226 1 Honeywell 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more 2024-02-28 7.5 HIGH 9.8 CRITICAL
Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products.
CVE-2020-10185 1 Yubico 1 Yubikey One Time Password Validation Server 2024-02-28 6.8 MEDIUM 8.6 HIGH
The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.
CVE-2019-12393 1 Anviz 1 Management System 2024-02-28 5.0 MEDIUM 7.5 HIGH
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests.
CVE-2013-1351 1 Veraxsystems 1 Network Management System 2024-02-28 4.3 MEDIUM 5.9 MEDIUM
Verax NMS prior to 2.10 allows authentication via the encrypted password without knowing the cleartext password.
CVE-2019-12887 1 Keyidentity 1 Linotp 2024-02-28 6.8 MEDIUM 8.1 HIGH
KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).
CVE-2019-9158 1 Gemalto 1 Ezio Ds3 Server 2024-02-28 2.7 LOW 5.7 MEDIUM
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
CVE-2019-3915 1 Verizon 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware 2024-02-28 5.4 MEDIUM 7.5 HIGH
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface.
CVE-2018-15498 1 Ysoft 2 Safeq Server, Safeq Server Client 2024-02-28 6.8 MEDIUM 8.1 HIGH
YSoft SafeQ Server 6 allows a replay attack.
CVE-2019-5307 1 Huawei 4 P30, P30 Firmware, P30 Pro and 1 more 2024-02-28 4.3 MEDIUM 4.2 MEDIUM
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107)
CVE-2019-9659 2 Chuango, Eminent 22 A11 Pstn\/lcd\/rfid Touch Alarm System, A11 Pstn\/lcd\/rfid Touch Alarm System Firmware, A8 Pstn Alarm System and 19 more 2024-02-28 6.4 MEDIUM 9.1 CRITICAL
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
CVE-2019-11334 1 Tzumi 3 Klic Lock, Klic Smart Padlock Model 5686, Klic Smart Padlock Model 5686 Firmware 2024-02-28 4.3 MEDIUM 3.7 LOW
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay. Physically proximate attackers can use this information to unlock unauthorized Tzumi Electronics Klic Smart Padlock Model 5686 Firmware 6.2.
CVE-2018-7790 1 Schneider-electric 2 Modicon M221, Modicon M221 Firmware 2024-02-28 7.5 HIGH 9.8 CRITICAL
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exploits this vulnerability and connects to a Modicon M221, the attacker can upload the original program from the PLC.
CVE-2018-17176 1 Neatorobotics 6 Botvac D4 Connected, Botvac D4 Connected Firmware, Botvac D6 Connected and 3 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all.
CVE-2018-7356 1 Zte 2 Zxr10 8905e, Zxr10 8905e Firmware 2024-02-28 5.0 MEDIUM 7.5 HIGH
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence Number (ISN) reuse vulnerability, which can generate easily predictable ISN, and allows remote attackers to spoof connections.