CWE · MITRE source
CWE-294Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (4)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-23 | Session Authenticity | SC | Protects against replay of captured session tokens or credentials by requiring authenticated, fresh session channels. |
SC-40 | Wireless Link Protection | SC | Wireless link protections commonly incorporate replay protection, reducing the exploitability of capture-replay weaknesses. |
SC-45 | System Time Synchronization | SC | Accurate synchronized time enables tight timestamp windows that directly limit capture-replay windows in authentication protocols. |
AC-9 | Previous Logon Notification | AC | Allows detection of capture-replay attacks by showing the replayed logon's timestamp as the last logon. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2023-23397 KEV | 9.6 | 9.8 | 0.9340 | 2023-03-14 |
CVE-2017-3191 | 4.0 | 9.8 | 0.3380 | 2017-12-16 |
CVE-2017-11786 | 2.4 | 8.8 | 0.1149 | 2017-10-13 |
CVE-2023-30909 | 2.3 | 9.8 | 0.0496 | 2023-09-14 |
CVE-2017-6823 | 2.2 | 8.8 | 0.0684 | 2017-03-12 |
CVE-2017-6034 | 2.0 | 9.8 | 0.0013 | 2017-06-30 |
CVE-2018-7790 | 2.0 | 9.8 | 0.0113 | 2018-08-29 |
CVE-2019-18226 | 2.0 | 9.8 | 0.0018 | 2019-10-31 |
CVE-2018-17932 | 2.0 | 9.8 | 0.0024 | 2020-11-02 |
CVE-2018-19025 | 2.0 | 9.8 | 0.0024 | 2020-11-02 |
CVE-2020-35551 | 2.0 | 9.8 | 0.0013 | 2020-12-18 |
CVE-2022-22806 | 2.0 | 9.8 | 0.0023 | 2022-03-09 |
CVE-2022-29334 | 2.0 | 9.8 | 0.0033 | 2022-05-24 |
CVE-2022-37011 | 2.0 | 9.8 | 0.0091 | 2022-09-13 |
CVE-2022-44457 | 2.0 | 9.8 | 0.0046 | 2022-11-08 |
CVE-2023-1537 | 2.0 | 9.8 | 0.0026 | 2023-03-21 |
CVE-2023-49231 | 2.0 | 9.8 | 0.0083 | 2024-03-29 |
CVE-2023-47435 | 2.0 | 9.8 | 0.0008 | 2024-04-19 |
CVE-2024-38438 | 2.0 | 9.8 | 0.0021 | 2024-07-21 |
CVE-2025-49752 | 2.0 | 10.0 | 0.0007 | 2025-11-20 |
CVE-2025-65552 | 2.0 | 9.8 | 0.0013 | 2026-01-12 |
CVE-2025-67135 | 2.0 | 9.8 | 0.0002 | 2026-02-11 |
CVE-2026-30789 | 2.0 | 9.8 | 0.0017 | 2026-03-05 |
CVE-2026-32987 | 2.0 | 9.8 | 0.0006 | 2026-03-29 |
CVE-2025-26201 | 1.9 | 9.1 | 0.0052 | 2025-02-24 |