Session Replay
Variants:
Direct
Also Known As:
Authentication Bypass by Capture-Replay, Reusing Session ID
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level, Web-Infrastructure-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Communication Encryption, Authentication Enforcement
Invented In:
01/01/1999
Added In:
23/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Attackers can bypass authentication enforcement by capturing and replaying authentication tokens when communication is unencrypted and the application relies on an improper HTTP Digest authentication implementation, plaintext credentials, or other session identifiers that stay constant across requests.