HomeSecurity

Replay Attack

Jenna Phipps
Jenna Phipps
Updated on:

A replay attack is a type of man-in-the-middle attack where a hacker intercepts a network session and reuses the legitimate user’s credentials to repeat the session. For example, if an attacker performs packet sniffing or another form of eavesdropping on a user’s Internet session and intercepts their login, the attacker can “replay” that session and log into the user’s account. The replayed session or request appears legitimate because it originally came from the real user. Even encrypted Internet sessions are susceptible to replay attacks because the attacks don’t require decryption: the hacker can simply replay the session, encrypted data and all. This is particularly dangerous for enterprises, which store a wealth of sensitive data within different accounts.

Preventing replay attacks

Because replay attacks depend on reusing the session credentials that an attacker has intercepted, preventing replay attacks often means generating a single-use encryption key or ID for an Internet session. Many network transmissions between two users now use a specific, single-use encryption key, which is only valid for one session and will not allow an attacker to replay the session.

Users may even log into an account with a single-use password, which will have to be reset for every subsequent login. This prevents a replay attacker from submitting another request with the intercepted password; it will no longer be usable.

A virtual private network may protect users from man-in-the-middle attacks: they set up a computer network separate from the standard network, which typically prevents attackers from eavesdropping on the Internet connection. However, VPNs are not perfect, and they’ve occasionally allowed attackers to access the user’s network through endpoint insecurities. Some VPNs actually have flaws that allow attackers to replay Internet sessions, having gained access to their network connection using cookies that weren’t dealt with properly. If you are using a VPN to avoid replay attacks, research different options carefully and watch for security bugs that have come to light in certain VPN products.






Jenna Phipps
Jenna Phipps
Jenna Phipps is a writer for Webopedia.com, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.
Get the Free Newsletter
Subscribe to Daily Tech Insider for top news, trends & analysis
This email address is invalid.

Related Articles

Virtual Private Network (VPN)

Communications Kaiti Norton - 0
A virtual private network (VPN) encrypts a device's Internet access through a secure server. It is most frequently used for remote employees accessing a...

Gantt Chart

Applications Abby Braden - 0
A Gantt chart is a type of bar chart that illustrates a project schedule and shows the dependency between tasks and the current schedule...

Input Sanitization

Security Webopedia Staff - 1
Input sanitization is a cybersecurity measure of checking, cleaning, and filtering data inputs from users, APIs, and web services of any unwanted characters and...

IT Asset Management Software

Applications Webopedia Staff - 0
IT asset management software (ITAM software) is an application for organizing, recording, and tracking all of an organization s hardware and software assets throughout...

Related Articles

Definitions

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...
Read more
Development

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...
Read more
Definitions

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...
Read more

Webopedia is an online information technology and computer science resource for IT professionals, students, and educators. Webopedia focuses on connecting researchers with IT resources that are most helpful for them. Webopedia resources cover technology definitions, educational guides, and software reviews that are accessible to all researchers regardless of technical background.

Advertisers

Advertise with TechnologyAdvice on Webopedia and our other IT-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.