Authentication Bypass by Capture-replay
This vulnerability occurs when an attacker can intercept and record legitimate authentication traffic, then replay it later to gain unauthorized access. The system accepts the replayed data as valid, effectively bypassing normal authentication checks.
Capture-replay attacks are a prevalent network threat where an adversary eavesdrops on a valid communication session, saves the transmitted data (like login requests or session tokens), and later resends that identical or slightly modified data to the server. Because the replayed data appears legitimate, the system grants access without requiring the attacker to know the actual credentials or break any encryption. These attacks are a specific type of network injection that can be challenging to prevent without implementing proper cryptographic defenses. To mitigate this risk, developers need to ensure that each authentication request is unique and cannot be reused, typically by incorporating timestamps, nonces, or sequence numbers that the server can validate.
Impact: Gain Privileges or Assume Identity
Messages sent with a capture-relay attack allow access to resources which are not otherwise accessible without proper authentication.
High
- 60DEPRECATED: UNIX Path Link Problems
- 94Improper Control of Generation of Code ('Code Injection')
- 102Struts: Duplicate Validation Forms
- 509Replicating Malicious Code (Virus or Worm)
- 555J2EE Misconfiguration: Plaintext Password in Configuration File
- 561Dead Code
- 644Improper Neutralization of HTTP Headers for Scripting Syntax
- 645Overly Restrictive Account Lockout Mechanism
- 652Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
- 701Weaknesses Introduced During Design
- PLOVER
- CLASP