User authentication allows for replay attack

From Safeval Wiki
Revision as of 17:00, 13 April 2015 by Ricardo@ralbuquerque.com (Talk | contribs)


When the user authentication exchange is not encrypted and carries no component that is distinct for each authentication (a nonce, sequence number or timestamp), the authentication packets can be intercepted, recorded and replayed to authenticate again. Even without knowing exactly which credentials were used, an attacker can resend the recorded packets to forge a user authentication.

The authentication exchange must be encrypted and must carry a unique, sequential or time-based component, so that the packets used to authenticate the user at one moment cannot be reused for a new authentication at a later time.

The following authentication mechanisms provide greater safety in the user authentication process:

  1. Challenge/response
  2. Kerberos
  3. Public/private key

If the operating system or the base platform of your system offers a secure authentication mechanism, it is usually better to use it.
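As an added example (not code from the wiki), a minimal challenge/response login in Python that shows why a recorded authentication exchange cannot be replayed: the server issues a random single-use nonce with a validity window, and the client answers with an HMAC over it. The user name, shared secret and timestamps are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for the example; real systems keep these in a credential store.
USERS = {"alice": b"s3cr3t-shared-key"}


def compute_response(secret, nonce):
    """Client side: prove knowledge of the secret without ever sending it."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """Nonce-based challenge/response; every challenge is single-use and expires."""

    def __init__(self, users, ttl_seconds=30):
        self.users = users
        self.ttl = ttl_seconds
        self.pending = {}  # nonce -> (username, time the challenge was issued)

    def challenge(self, user, now=None):
        nonce = secrets.token_hex(16)  # unpredictable, distinct for each authentication
        self.pending[nonce] = (user, time.time() if now is None else now)
        return nonce

    def verify(self, user, nonce, response, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(nonce, None)  # consume the nonce: a replay finds nothing
        if entry is None:
            return False
        issued_to, issued_at = entry
        if issued_to != user or now - issued_at > self.ttl:  # wrong user or stale challenge
            return False
        secret = self.users.get(user)
        if secret is None:
            return False
        expected = compute_response(secret, nonce)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def demo():
    """Returns (legitimate login, replay of the same packets, reply to an expired challenge)."""
    server = AuthServer(USERS)
    nonce = server.challenge("alice", now=1000.0)
    resp = compute_response(USERS["alice"], nonce)            # what an eavesdropper would record
    first = server.verify("alice", nonce, resp, now=1001.0)   # genuine login succeeds
    replay = server.verify("alice", nonce, resp, now=1002.0)  # same packets again: rejected
    stale = server.challenge("alice", now=1000.0)
    expired = server.verify("alice", stale, compute_response(USERS["alice"], stale), now=1100.0)
    return first, replay, expired
```

`demo()` returns `(True, False, False)`: the recorded exchange is useless a second time, and a challenge older than the window is refused even with a correct response.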