Read Time:40 Second

Description

Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-287
CWE-327

 

Consequences

Access Control: Gain Privileges or Assume Identity

The primary result of reflection attacks is successful authentication with a target machine — as an impersonated user.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use different keys for the initiator and responder or of a different type of challenge for the initiator and responder.

Phase: Architecture and Design

Description: 

Let the initiator prove its identity before proceeding.

CVE References

  • CVE-2005-3435
    • product authentication succeeds if user-provided MD5 hash matches the hash in its database; this can be subjected to replay attacks.