20.3.14. What is a Replay Attack

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/5

flashcard set

Earn XP

Description and Tags

20.3. Application Attacks

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

6 Terms

1
New cards

Replay Attack

A replay attack is when an attacker captures valid data (like a login request) and re-sends it later to gain unauthorized access. They do not need to know the actual password, just have recording.

- It is a form of a Man-in-the-Middle (MitM) attack.

2
New cards

Simple Replay Attack

The attacker literally just records a valid piece of information (like a login request) and then sends that exact same recording back to the system later.

3
New cards

Session Replay Attack

Records the token or cookie

Instead of just replaying a login, the attacker focuses on replaying a "session token" or "session cookie." This token is like a temporary digital ID card that proves you're logged in. If an attacker captures and replays your valid session token, the system thinks they are you, even if they never knew your password.

4
New cards

Challenge-Response Attack

record of the challenge question and answer

In a "challenge-response" system, the server asks a random question (the "challenge"), and the client (you) has to give the correct answer (the "response") to prove who they are. If this system isn't set up carefully, an attacker could record a challenge and its correct response, and then just replay that entire interaction later to gain access.

5
New cards

Timestamp or Nonce-based Replay Attacks

(How they are defeated):

- What it is: These aren't types of attacks themselves, but rather how replay attacks are prevented. Systems use two main methods:

- Timestamps: The system adds a time tag to every message. If a message is replayed later, the system checks the time tag. If it's too old, it's rejected.

- Nonces (Numbers Used Once): The system sends a unique, random number (a "nonce") with each request or challenge. The response must include that exact nonce. If a message is replayed, it will contain an old nonce, or a nonce that the system has already seen, and thus the system rejects it as invalid.

6
New cards

🛡 How to Prevent Replay Attacks

- Timestamps – Messages are only valid for a short time.

- Nonces – Random value used once.

- Session Tokens – Unique tokens per session.

- One-Time Passwords (OTP) – Valid only once.

- Sequence Numbers – Messages must arrive in the right order.

Messages are numbered, and the system expects them in order, so a replayed message out of sequence is rejected.

- Encryption + Authentication – Ensures message validity.