From Guidance Share
Jump to navigationJump to search
A capture-relay protocol flaw exists when it is possible for a malicious user to sniff network traffic and replay it to the server in question to the same effect as the original message (or with minor changes).
- Languages: All
- Operating platforms: All
- Authorization: Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication.
- Failure to prevent messages from being recieved and parsed more than once.
- Design: Utilize some sequence or time stamping functionality along with an encrypted hash or HMAC which takes this into account in order to ensure that messages can be parsed only once.