Replay Attack
Attack description
Replay attacks are usually used by an attacker to "replay" a captured login exchange against an otherwise restricted resource, thereby bypassing the access control system.
Before executing the replay attack the attacker has to obtain a SOAP message that contains the login credentials. This can be achieved in various ways, for example:
- The attacker is in control of an intermediary that sits between sender and receiver.
- The attacker has access to the local machine of the victim and logs all outgoing traffic.
- The attacker uses "classical" techniques to wiretap TCP/IP traffic.
Once the required data is
If no precautions are taken it does not matter whether the replayed data is encrypted or not, since the receiver cannot distinguish the current SOAP message from the previously sent one: the attacker does not need to read the credentials, only to resend the message that carries them.
Attack subtypes
No attack subtypes are defined.
Prerequisites for attack
In order for this attack to work the following prerequisites have to be met:
- The attacker is able to capture SOAP messages sent between the web service client and the receiver.
- The attacker can reach the endpoint from its location, i.e. access to the attacked web service server is possible for the attacker. This prerequisite matters if the web service is only available to users within a certain network.
Graphic representation of attack
In this attack the attacker poses as the web service client; the web service client is the attacked component.
- Red = attacked web service component
- Black = location of attacker
- Blue = web service component not directly involved in attack.
Attack example
No example available/necessary.
Attack mitigation / countermeasures
The attack can be countered by introducing random data (a nonce) and a creation timestamp into each login message, as WS-Security does with the Nonce and Created elements of the UsernameToken. The receiver has to reject messages whose timestamp lies outside an acceptance window and keep a cache of the nonces it has already accepted for at least the length of that window; if each nonce is accepted only once, a captured message cannot be replayed. Encryption or a password digest alone does not help, because the replayed message is byte-for-byte identical to the legitimate one.
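The following added example (not code from the original page) shows both the attack and the countermeasure: a constructed SOAP login with a WS-Security UsernameToken (PasswordDigest, Nonce, Created) is "captured" and sent twice. A naive receiver that only verifies the digest accepts the replay; a hardened receiver that checks the Created timestamp against a window and remembers accepted nonces rejects it. The user name, password, timestamps and the Receiver class are assumptions made for illustration.

```python
"""Replay attack against a SOAP login and its nonce/timestamp countermeasure.
Added example; the message, credentials and timestamps are constructed."""
import base64
import hashlib
import os
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
DIGEST_TYPE = ("http://docs.oasis-open.org/wss/2004/01/"
               "oasis-200401-wss-username-token-profile-1.0#PasswordDigest")
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
USERS = {"alice": "correct horse battery staple"}  # constructed credential store


def password_digest(nonce_b64, created, password):
    """UsernameToken profile digest: Base64(SHA-1(nonce + created + password))."""
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()


def build_login(user, password, now):
    """Client side: a login envelope with a fresh nonce and creation time."""
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(TIME_FMT)
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{NS['wsse']}" xmlns:wsu="{NS['wsu']}">
      <wsse:UsernameToken>
        <wsse:Username>{user}</wsse:Username>
        <wsse:Password Type="{DIGEST_TYPE}">{password_digest(nonce, created, password)}</wsse:Password>
        <wsse:Nonce>{nonce}</wsse:Nonce>
        <wsu:Created>{created}</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><login/></soap:Body>
</soap:Envelope>"""


class Receiver:
    """Hypothetical web service endpoint. With replay_protection=False it only
    verifies the digest, which is the vulnerable behaviour; with True it also
    enforces the timestamp window and a one-time nonce cache."""

    def __init__(self, replay_protection, window=timedelta(minutes=5)):
        self.replay_protection = replay_protection
        self.window = window
        self.seen = {}  # nonce -> time until which it must be remembered

    def accept(self, envelope, now):
        tok = ET.fromstring(envelope).find(
            "soap:Header/wsse:Security/wsse:UsernameToken", NS)
        if tok is None:
            return False, "no UsernameToken"
        user = tok.findtext("wsse:Username", namespaces=NS)
        digest = tok.findtext("wsse:Password", namespaces=NS)
        nonce = tok.findtext("wsse:Nonce", namespaces=NS)
        created = tok.findtext("wsu:Created", namespaces=NS)
        password = USERS.get(user)
        if password is None or digest != password_digest(nonce, created, password):
            return False, "bad credentials"
        if not self.replay_protection:
            return True, "accepted (no replay protection)"
        created_dt = datetime.strptime(created, TIME_FMT).replace(tzinfo=timezone.utc)
        # abs() tolerates clock skew in both directions; anything older than the
        # window is rejected before the nonce cache is consulted, so nonces only
        # have to be remembered for the length of the window.
        if abs(now - created_dt) > self.window:
            return False, "stale timestamp"
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return False, "replayed nonce"
        self.seen[nonce] = now + self.window
        return True, "accepted"


def demo():
    """Capture one legitimate login and resend it to both receivers."""
    t0 = datetime(2010, 7, 1, 12, 0, 0, tzinfo=timezone.utc)
    captured = build_login("alice", USERS["alice"], t0)  # what the attacker sniffed
    naive, hardened = Receiver(replay_protection=False), Receiver(replay_protection=True)
    return {
        "naive_first": naive.accept(captured, t0)[0],
        "naive_replay": naive.accept(captured, t0 + timedelta(seconds=30))[0],
        "hardened_first": hardened.accept(captured, t0)[0],
        "hardened_replay": hardened.accept(captured, t0 + timedelta(seconds=30))[0],
        "hardened_late_replay": hardened.accept(captured, t0 + timedelta(hours=1))[0],
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The ordering of the checks is deliberate: the timestamp window is enforced first, so the nonce cache can be purged of entries older than the window without reopening the attack, and the cache keeps an entry until its expiry is strictly in the past so a replay on the window boundary is still caught. In a deployment the cache has to be shared by all nodes that terminate the same endpoint, otherwise a replay aimed at a different node succeeds.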
Attack categorisation
Categorisation by violated security objective
The attack aims at gaining access to a restricted resource by reusing captured login data; therefore it violates the security objective Access Control.
- Category:Attack_Categorisation_By_Violated_Security_Objective_Access_Control
- Category:Attack_Categorisation_By_Violated_Security_Objective
Categorisation by number of involved parties
- Category:Attack_Categorisation_By_Number_Of_Involved_Parties:1_-_1_-_1
- Category:Attack_Categorisation_By_Number_Of_Involved_Parties
Categorisation by attacked component in web service architecture
- Category:Attack_Categorisation_By_Attacked_Web_Service_Component:_Web_Service_Client
- Category:Attack_Categorisation_By_Attacked_Web_Service_Component
Categorisation by attack spreading
- Category:Attack_Categorisation_By_Attack_Spreading
- Category:Attack_Categorisation_By_Attack_Spreading:Application_Specific_Flaws