CWE-294 (Authentication Bypass by Capture-replay) — Vulnerability Class 86

86 vulnerabilities classified as CWE-294 (Authentication Bypass by Capture-replay). AI Chinese analysis included.

CWE-294 represents a critical authentication weakness where attackers bypass security controls by intercepting and retransmitting valid network traffic. This flaw typically arises when systems fail to implement robust session management or cryptographic protections, allowing malicious users to sniff communication channels and capture authentication tokens or credentials. By replaying these captured data packets to the server, attackers can impersonate legitimate users without needing to crack passwords or exploit complex vulnerabilities. To mitigate this risk, developers must employ strong cryptographic measures such as Transport Layer Security (TLS) to encrypt data in transit. Additionally, implementing unique session identifiers, nonces, and strict timestamp validation ensures that each request is distinct and time-bound, effectively neutralizing the threat of replayed packets and maintaining the integrity of the authentication process.

MITRE CWE Description
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
Common Consequences (1)
Access Control: Gain Privileges or Assume Identity
Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication.
Mitigations (2)
Architecture and Design: Utilize some sequence or time stamping functionality along with a checksum which takes this into account in order to ensure that messages can be parsed only once.
Architecture and Design: Since any attacker who can listen to traffic can see sequence numbers, it is necessary to sign messages with some kind of cryptography to ensure that sequence numbers are not simply doctored along with content.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41351 | OpenClaw < 2026.3.31 - Webhook Replay Detection Bypass via Base64 Signature Re-encoding — OpenClaw | 5.3 | Medium | 2026-04-23 |
| CVE-2026-35618 | OpenClaw < 2026.3.23 - Replay Identity Drift via Query-Only Variants in Plivo V2 Verification — OpenClaw | 6.5 | Medium | 2026-04-09 |
| CVE-2026-34209 | mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality — mppx | 7.5 | High | 2026-03-31 |
| CVE-2026-32987 | OpenClaw < 2026.3.13 - Bootstrap Setup Code Replay via Device Pairing — OpenClaw | 9.8 | Critical | 2026-03-29 |
| CVE-2026-27855 | Open-Xchange OX Dovecot Pro Security Vulnerability — OX Dovecot Pro | 6.8 | Medium | 2026-03-27 |
| CVE-2026-4583 | Shenzhen HCC Technology MPOS M6 PLUS Bluetooth authentication replay — MPOS M6 PLUS | 5.0 | Medium | 2026-03-23 |
| CVE-2026-32053 | OpenClaw < 2026.2.23 - Twilio Webhook Replay Bypass via Randomized Event ID Normalization — OpenClaw | 6.5 | Medium | 2026-03-21 |
| CVE-2026-28449 | OpenClaw < 2026.2.25 - Webhook Replay Attack via Missing Durable Replay Suppression — OpenClaw | 6.5 | Medium | 2026-03-19 |
| CVE-2025-13777 | Authentication Bypass due to Improper Session Validation — AWIN GW100 rev.2 | 8.3 | High | 2026-03-13 |
| CVE-2026-30789 | RustDesk Client Generates Auth Proof Without Client-Side Nonce, Enabling Replay Attacks — RustDesk Client | 8.4 | - | 2026-03-05 |
| CVE-2026-1743 | DJI Mavic Mini/Air/Spark/Mini SE Enhanced Wi-Fi Pairing authentication replay — Mavic Mini | 3.1 | Low | 2026-02-02 |
| CVE-2025-68671 | lakeFS is Missing Timestamp Validation in S3 Gateway Authentication — lakeFS | 6.5 | Medium | 2026-01-15 |
| CVE-2025-40807 | Siemens Gridscale X Prepay Security Vulnerability — Gridscale X Prepay | 6.3 | Medium | 2025-12-09 |
| CVE-2025-49752 | Azure Bastion Elevation of Privilege Vulnerability — Azure Bastion Developer | 10.0 | Critical | 2025-11-20 |
| CVE-2011-20002 | Siemens SIMATIC S7-1200 CPU V1 family and Siemens SIMATIC S7-1200 CPU V2 family Security Vulnerability — SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) | 7.4 | High | 2025-10-14 |
| CVE-2025-35061 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx — Project Center | 5.9 | Medium | 2025-10-09 |
| CVE-2025-35058 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx — Project Center | 5.9 | Medium | 2025-10-09 |
| CVE-2025-35057 | Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx — Project Center | 5.3 | Medium | 2025-10-09 |
| CVE-2025-54810 | Cognex In-Sight Explorer and In-Sight Camera Firmware Authentication Bypass by Capture-replay — In-Sight 2000 series | 8.0 | High | 2025-09-18 |
| CVE-2025-9100 | zhenfeng13 My-Blog Frontend Blog Article Comment comment authentication replay — My-Blog | 5.3 | Medium | 2025-08-18 |
| CVE-2025-8616 | Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication — Advanced Authentication | 9.8 (AI) | Critical (AI) | 2025-08-06 |
| CVE-2023-50786 | Dradis Security Vulnerability — Dradis | 4.1 | Medium | 2025-07-05 |
| CVE-2025-36593 | Dell OpenManage Network Integration Security Vulnerability — OpenManage Network Integration | 8.8 | High | 2025-06-30 |
| CVE-2025-6533 | xxyopen/201206030 novel-plus CATCHA LoginController.java ajaxLogin authentication replay — novel-plus | 5.6 | Medium | 2025-06-24 |
| CVE-2025-48012 | One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-063 — One Time Password | 9.1 (AI) | Critical (AI) | 2025-05-21 |
| CVE-2025-47706 | Enterprise MFA - TFA for Drupal - Moderately critical - Access bypass - SA-CONTRIB-2025-052 — Enterprise MFA - TFA for Drupal | 9.8 (AI) | Critical (AI) | 2025-05-14 |
| CVE-2024-12137 | Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028 — ANKA JPD-00028 | 7.6 | High | 2025-03-19 |
| CVE-2025-1887 | SMB forced authentication vulnerability in Sage 200 Spain — Sage 200 Spain | 4.9 | - | 2025-03-07 |
| CVE-2024-12839 | Changing Information Technology CGFIDO - Authentication Bypass — CGFIDO | 8.8 | High | 2024-12-31 |
| CVE-2024-52534 | Dell ECS Security Vulnerability — ECS | 5.4 | Medium | 2024-12-25 |

Vulnerabilities classified as CWE-294 (Authentication Bypass by Capture-replay) represent 86 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.