Reflection Attack in an Authentication Protocol
From Guidance Share
Description
Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.
Applies To
- Languages: Any
- Platforms: All
Example
Impact
- Authentication: The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user.
Vulnerabilities
- Failure to require each entity in a secure transaction to have a unique key.
Countermeasures
- Design: Use different keys for the initiator and responder, or use a different type of challenge for the initiator and responder.
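The sketch below is an added example, not code from Guidance Share. It models a shared-key challenge-response exchange in which a peer accepts its own answer when its challenge is sent back to it, next to a variant that uses a different key for each role. The class names, the role labels, the HMAC-SHA256 construction and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

KEY = b"constructed-shared-key"  # constructed sample key, not from the page

def mac(key, *parts):
    # Length-prefix every part so different inputs cannot collide.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

class WeakPeer:
    """One key and one response format for both directions."""
    def __init__(self, key):
        self.send_key = self.recv_key = key

    def new_challenge(self):
        self.pending = os.urandom(16)
        return self.pending

    def respond(self, challenge):
        return mac(self.send_key, challenge)

    def verify(self, response):
        expected = mac(self.recv_key, self.pending)
        return hmac.compare_digest(response, expected)

class HardenedPeer(WeakPeer):
    """Countermeasure: a separate key per role (hypothetical derivation)."""
    def __init__(self, master, role):
        peer = b"responder" if role == b"initiator" else b"initiator"
        self.send_key = mac(master, b"role-key", role)  # answers we produce
        self.recv_key = mac(master, b"role-key", peer)  # answers we accept

def reflected_response_accepted(server):
    # A party without the key returns the server's own challenge to it in a
    # second session and replays the answer. True means impersonation works.
    challenge = server.new_challenge()
    reflected = server.respond(challenge)
    return server.verify(reflected)

def honest_login_accepted(server, client):
    # Normal run: the client answers the server's challenge with its own key.
    return server.verify(client.respond(server.new_challenge()))
```

With one shared key the reflected answer verifies; with per-role keys the server's own output is computed under the key it never accepts, while an honest initiator still authenticates.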
Vulnerability Patterns