Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26172 | 1 Tangro | 1 Business Workflow | 2020-12-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp. | |||||
| CVE-2020-35551 | 1 Google | 1 Android | 2020-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung ID is SVE-2020-18100 (December 2020). | |||||
| CVE-2020-14302 | 1 Redhat | 1 Keycloak | 2020-12-18 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks. | |||||
| CVE-2020-12355 | 1 Intel | 1 Trusted Execution Engine | 2020-11-24 | 4.6 MEDIUM | 6.8 MEDIUM |
| Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2018-1128 | 3 Debian, Opensuse, Redhat | 10 Debian Linux, Leap, Ceph and 7 more | 2020-11-17 | 5.4 MEDIUM | 7.5 HIGH |
| It was found that cephx authentication protocol did not verify ceph clients correctly and was vulnerable to replay attack. Any attacker having access to ceph cluster network who is able to sniff packets on network can use this vulnerability to authenticate with ceph service and perform actions allowed by ceph service. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable. | |||||
| CVE-2018-17932 | 1 Juuko | 2 K-800, K-800 Firmware | 2020-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| JUUKO K-800 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.) is vulnerable to a replay attack and command forgery, which could allow attackers to replay commands, control the device, view commands, or cause the device to stop running. | |||||
| CVE-2018-19025 | 1 Juuko | 2 K-808, K-808 Firmware | 2020-11-12 | 10.0 HIGH | 9.8 CRITICAL |
| In JUUKO K-808, an attacker could specially craft a packet that encodes an arbitrary command, which could be executed on the K-808 (Firmware versions prior to numbers ending ...9A, ...9B, ...9C, etc.). | |||||
| CVE-2020-27157 | 1 Veritas | 1 Aptare | 2020-10-20 | 6.8 MEDIUM | 8.1 HIGH |
| Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. | |||||
| CVE-2019-18226 | 1 Honeywell | 128 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 125 more | 2020-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| Honeywell equIP series and Performance series IP cameras and recorders, A vulnerability exists in the affected products where IP cameras and recorders have a potential replay attack vulnerability as a weak authentication method is retained for compatibility with legacy products. | |||||
| CVE-2018-17935 | 1 Telecrane | 22 F25-10d, F25-10d Firmware, F25-10s and 19 more | 2020-09-18 | 4.8 MEDIUM | 8.1 HIGH |
| All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of an arbitrary message, or keeping the controlled load in a permanent "stop" state. | |||||
| CVE-2018-17903 | 1 Sagaradio | 2 Saga1-l8b, Saga1-l8b Firmware | 2020-09-18 | 6.4 MEDIUM | 9.1 CRITICAL |
| SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. | |||||
| CVE-2019-5307 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2020-08-24 | 4.3 MEDIUM | 4.2 MEDIUM |
| Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and P30 Pro versions before VOG-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1), are exposed to a message replay vulnerability. For the sake of better compatibility, these devices implement a less strict check on the NAS message sequence number (SN), specifically NAS COUNT. As a result, an attacker can construct a rogue base station and replay the GUTI reallocation command message in certain conditions to tamper with GUTIs, or replay the Identity request message to obtain IMSIs. (Vulnerability ID: HWPSIRT-2019-04107) | |||||
| CVE-2018-17176 | 1 Neatorobotics | 6 Botvac D4 Connected, Botvac D4 Connected Firmware, Botvac D6 Connected and 3 more | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode requires authentication, but once recorded, the authentication (always transmitted in cleartext) can be replayed to /bin/webserver on port 8081. There are no nonces, and timestamps are not checked at all. | |||||
| CVE-2019-3915 | 1 Verizon | 2 Fios Quantum Gateway G1100, Fios Quantum Gateway G1100 Firmware | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
| Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100) firmware version 02.01.00.05 allows an unauthenticated attacker with adjacent network access to intercept and replay login requests to gain access to the administrative web interface. | |||||
| CVE-2019-9158 | 1 Gemalto | 1 Ezio Ds3 Server | 2020-08-24 | 2.7 LOW | 5.7 MEDIUM |
| Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control. | |||||
| CVE-2019-12887 | 1 Keyidentity | 1 Linotp | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2). | |||||
| CVE-2020-4042 | 1 Bareos | 1 Bareos | 2020-07-15 | 4.3 MEDIUM | 6.8 MEDIUM |
| Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8. | |||||
| CVE-2020-10045 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2020-07-15 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. | |||||
| CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2020-04-09 | 7.5 HIGH | N/A |
| SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | |||||
| CVE-2020-5300 | 1 Ory | 1 Hydra | 2020-04-07 | 3.5 LOW | 5.3 MEDIUM |
| In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not check the uniqueness of this `jti` value. Exploiting this vulnerability is somewhat difficult because: - TLS protects against MITM which makes it difficult to intercept valid tokens for replay attacks - The expiry time of the JWT gives only a short window of opportunity where it could be replayed This has been patched in version v1.4.0+oryOS.17 | |||||