Reflection Attack in an Authentication Protocol

Draft Base
Structure: Simple
Description

A reflection attack is a flaw in mutual authentication protocols that allows an attacker to impersonate a legitimate user without knowing the secret key. This happens when an attacker can bounce, or 'reflect,' a server's own challenge back to it using a second connection, tricking the system into granting access.

Extended Description

In a typical mutual authentication setup, both the client and server share a secret key. To prove identity without sending the key directly, they exchange random challenges that must be encrypted with that shared secret. The vulnerability arises when the same key is used across multiple sessions and the protocol design allows an attacker to use the server's response from one connection to answer a challenge in another.

Here's how the attack works in practice: An attacker initiates a connection to the server, posing as a legitimate user, and receives a challenge. Instead of solving it, the attacker opens a second connection to the server. In this new session, the attacker sends the server's original challenge as its own. The server helpfully encrypts it and sends the response back, which the attacker then uses to correctly answer the first connection's challenge. This bypasses authentication because the server essentially authenticates itself, granting the attacker access.

Common Consequences
Scope: Access Control

Impact: Gain Privileges or Assume Identity

The primary result of reflection attacks is successful authentication with a target machine -- as an impersonated user.

Potential Mitigations
Phase: Architecture and Design
Use different keys for the initiator and responder, or use a different type of challenge for the initiator and responder.
Phase: Architecture and Design
Let the initiator prove its identity before proceeding.
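
The exchange described above and the first mitigation, as an added example that is not part of the original entry: an in-process simulation in which HMAC-SHA256 stands in for "encrypting" the challenge with the shared secret. The names Server, direction_key, honest_login and reflected_login and the key value are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SECRET = b"constructed-demo-secret"  # constructed sample value, not a real key

def direction_key(direction: bytes, split: bool) -> bytes:
    """Weak design: one key for both roles. Mitigated design: one key per role."""
    return hmac.new(SECRET, direction, hashlib.sha256).digest() if split else SECRET

def answer(key: bytes, challenge: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, split_keys: bool):
        self.split = split_keys
        self.pending = {}  # session id -> challenge the server issued

    def hello(self, session: int, peer_challenge: bytes):
        """Answer the peer's challenge as responder and issue our own."""
        self.pending[session] = secrets.token_bytes(16)
        key = direction_key(b"responder", self.split)
        return answer(key, peer_challenge), self.pending[session]

    def finish(self, session: int, peer_response: bytes) -> bool:
        """Accept only a correct initiator answer to this session's challenge."""
        challenge = self.pending.pop(session, None)
        if challenge is None:
            return False
        expected = answer(direction_key(b"initiator", self.split), challenge)
        return hmac.compare_digest(expected, peer_response)

def honest_login(server: Server) -> bool:
    """A peer that holds SECRET answers the challenge itself."""
    _, challenge = server.hello(1, secrets.token_bytes(16))
    return server.finish(1, answer(direction_key(b"initiator", server.split), challenge))

def reflected_login(server: Server) -> bool:
    """A peer without SECRET replays the server's own answer from session 2."""
    _, challenge = server.hello(1, secrets.token_bytes(16))
    reflected, _ = server.hello(2, challenge)  # server answers its own challenge
    return server.finish(1, reflected)

if __name__ == "__main__":
    for split in (False, True):
        s = Server(split)
        print(f"split_keys={split}: honest={honest_login(s)} reflected={reflected_login(s)}")
```

With a single shared key the reflected answer is accepted; with per-role keys the honest login still succeeds and the reflected one is rejected, which makes reflected_login usable as a regression check for a protocol implementation.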
Demonstrative Examples
The following example demonstrates the weakness.

Code Example:

Bad
C

Code Example:

Bad
Java
Observed Examples
CVE-2005-3435: product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.
Likelihood of Exploit

Medium

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Taxonomy Mapping
  • CLASP
  • OWASP Top Ten 2007
Notes
Maintenance: The term "reflection" is used in multiple ways within CWE and the community, so its usage should be reviewed.