Reflection Attack in an Authentication Protocol

Description

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

Applies To

• Languages: Any
• Platforms: All

Example

Impact

• Authentication: The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user.

Vulnerabilities

• Failure to require each entity in a secure transaction to have a unique key.

Countermeasures

• Design: Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder.

Vulnerability Patterns

• Reflection Attack in an Authentication Protocol Vulnerability Pattern

How Tos

• How To Recognize Reflection Attack in an Authentication Protocol Vulnerabilities
• How To Protect from Reflection Attack in an Authentication Protocol
• How To Perform an Attack Based On Reflection Attack in an Authentication Protocol