Capture-Replay

From Guidance Share
Revision as of 04:48, 7 August 2007 by GardenTender (talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to navigationJump to search

Description

A capture-relay protocol flaw exists when it is possible for a malicious user to sniff network traffic and replay it to the server in question to the same effect as the original message (or with minor changes).


Applies To

  • Languages: All
  • Operating platforms: All


Example

Impact

  • Authorization: Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication.


Vulnerabilities

  • Failure to prevent messages from being recieved and parsed more than once.


Countermeasures

  • Design: Utilize some sequence or time stamping functionality along with an encrypted hash or HMAC which takes this into account in order to ensure that messages can be parsed only once.


Vulnerability Patterns


How Tos