Reflection Attack in an Authentication Protocol

From Guidance Share
Revision as of 04:42, 7 August 2007 by GardenTender (talk | contribs)

Description

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.


Applies To

  • Languages: Any
  • Platforms: All


Example

Impact

  • Authentication: The primary result of reflection attacks is successful authentication with a target machine as an impersonated user.


Vulnerabilities

  • Failure to require each entity in a secure transaction to have a unique key.


Countermeasures

  • Design: Use different keys for the initiator and responder, or use a different type of challenge for the initiator and responder.
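
The countermeasure above, as an added example that is not part of the original page: a toy shared-key challenge-response endpoint in which both directions use the same MAC, next to a variant that binds the sender's role into the MAC input. The class, function names and role labels are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed sample: the single key shared by both parties


def mac(key, role, challenge, bind_role):
    # Hardened mode mixes the sender's role into the MAC input, so a value
    # produced by the responder is never valid as an initiator's response.
    prefix = role if bind_role else b""
    return hmac.new(key, prefix + challenge, hashlib.sha256).digest()


class Server:
    """Toy mutual challenge-response endpoint (hypothetical names)."""

    def __init__(self, key, bind_role):
        self.key, self.bind_role = key, bind_role

    def new_challenge(self):
        return os.urandom(16)  # challenge issued to the peer logging in

    def answer(self, peer_challenge):
        # The server proves itself to the peer, always in the responder role.
        return mac(self.key, b"responder|", peer_challenge, self.bind_role)

    def verify(self, challenge, response):
        # A login response is only valid if it was made in the initiator role.
        expected = mac(self.key, b"initiator|", challenge, self.bind_role)
        return hmac.compare_digest(expected, response)


def reflected_login_accepted(server):
    # A peer without the key hands the server's challenge back as its own
    # challenge in a second session, then returns the server's answer.
    challenge = server.new_challenge()
    return server.verify(challenge, server.answer(challenge))


def honest_login_accepted(server, key):
    # A legitimate initiator computes the response itself from the shared key.
    challenge = server.new_challenge()
    response = mac(key, b"initiator|", challenge, server.bind_role)
    return server.verify(challenge, response)


if __name__ == "__main__":
    for bind in (False, True):
        s = Server(KEY, bind)
        print(bind, reflected_login_accepted(s), honest_login_accepted(s, KEY))
```

With role binding off, the server accepts its own answer as a login response; with it on, the reflected value is rejected while a key holder still authenticates.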


Vulnerability Patterns


How Tos