An attacker can
abuse an authentication protocol susceptible to reflection attack in order to
defeat it. Doing so allows the attacker illegitimate access to the target
system, without possessing the requisite credentials. Reflection attacks are of
great concern to authentication protocols that rely on a challenge-handshake or
similar mechanism. An attacker can impersonate a legitimate user and can gain
illegitimate access to the system by successfully mounting a reflection attack
during authentication.
Attack
Execution Flow
·
The
attacker opens a connection to the target server and sends it a challenge
·
The
server responds by returning the challenge encrypted with a shared secret as
well as its own challenge to the attacker
·
Since
the attacker does not possess the shared secret, he initiates a second
connection to the server and sends it, as challenge, the challenge received
from the server on the first connection
·
The
server treats this as just another handshake and responds by encrypting the
challenge and issuing its own to the attacker
·
The
attacker now receives the encrypted challenge on the second connection and
sends it as response to the server on the first connection, thereby
successfully completing the handshake and authenticating to the server.
Attack Pattern 90
http://capec.mitre.org/data/index.html
Temas relacionados