Reflection Attack in an Authentication Protocol

From Guidance Share

Jump to: navigation, search

Contents

Description

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.


Applies To

  • Languages: Any
  • Platforms: All


Example

Impact

  • Authentication: The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user.


Vulnerabilities

  • Failure to require each entity in a secure transaction to have a unique key.


Countermeasures

  • Design: Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder.


Vulnerability Patterns


How Tos

Personal tools