View source for Reflection Attack in an Authentication Protocol

== Description ==
Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user. 


== Applies To ==
*Languages: Any
*Platforms: All


== Example ==
 
 

== Impact ==
*Authentication: The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user.


== Vulnerabilities ==
*Failure to require each entity in a secure transaction to have a unique key.


== Countermeasures ==
*Design: Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder.


== Vulnerability Patterns ==
* [[Reflection Attack in an Authentication Protocol Vulnerability Pattern]]


== How Tos ==
* [[How To Recognize Reflection Attack in an Authentication Protocol Vulnerabilities]]
* [[How To Protect from Reflection Attack in an Authentication Protocol]]
* [[How To Perform an Attack Based On Reflection Attack in an Authentication Protocol]]