CWE-294: Authentication Bypass by Capture-replay
low-riskA capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Abstraction: Base
Common Consequences
Access Control
→
Gain Privileges or Assume Identity
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-23397 | 9.8 | 93.4% | Y |
| CVE-2017-3191 | 9.8 | 33.8% | — |
| CVE-2017-11786 | 8.8 | 11.5% | — |
| CVE-2022-29593 | 5.9 | 8.2% | — |
| CVE-2022-29593 | 5.9 | 8.2% | — |
| CVE-2017-6823 | 8.8 | 6.8% | — |
| CVE-2023-30909 | 9.8 | 5.0% | — |
| CVE-2022-27254 | 5.3 | 3.8% | — |
| CVE-2022-38766 | 8.1 | 2.9% | — |
| CVE-2022-38766 | 8.1 | 2.9% | — |
1
/ 100
low-risk
Active Threat
1/50 · Minimal
Exploit Availability
0/50 · Minimal