CVE-2025-47706

MEDIUM Year: 2025
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-294
View all →

Vulnerability Description

Authentication Bypass by Capture-replay vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Remote Services with Stolen Credentials.This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.7.0, from 5.0.0 before 5.2.0.

Related Vulnerabilities

CVE-2025-48012

MEDIUM
CVSS:4.8(Medium)

Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials.This issue affects One Time Password: from 0.0.0 before 1.3.0.

CWE-2942025

CVE-2022-29475

MEDIUM
CVSS:4.7(Medium)

An information disclosure vulnerability exists in the XFINDER functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted man-in-the-middle attack can lead to ...

CWE-2942022

CVE-2020-14302

MEDIUM
CVSS:4.9(Medium)

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the ...

CWE-2942020

CVE-2024-49595

MEDIUM
CVSS:4.9(Medium)

Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this v...

CWE-2942024

CVE-2023-20123

MEDIUM
CVSS:4.6(Medium)

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay...

CWE-2942023

CVE-2018-14781

MEDIUM
CVSS:5.3(Medium)

Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker ...

CWE-2942018