GCIH · Question #175
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is ea
The correct answer is A. Replay. Eve intercepts and stores valid authentication credentials from a live session, then retransmits them later to impersonate Alice - this is a textbook replay attack.
Question
Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?
Options
- AReplay
- BFirewalking
- CSession fixation
- DCross site scripting
How the community answered
(28 responses)- A93% (26)
- B4% (1)
- C4% (1)
Why each option
Eve intercepts and stores valid authentication credentials from a live session, then retransmits them later to impersonate Alice - this is a textbook replay attack.
A replay attack occurs when an adversary captures a valid authentication credential or session token in transit and retransmits it later to gain unauthorized access without needing to know the underlying secret. In this scenario, Eve eavesdrops on Alice's password exchange, stores it, and presents it to Bob in a new session. Common mitigations include one-time nonces, timestamps, and session tokens that are invalidated after a single use.
Firewalking is a network reconnaissance technique that uses crafted TTL-manipulated packets to map firewall ACL rules; it does not involve capturing or replaying credentials.
Session fixation forces a victim to authenticate using an attacker-supplied session ID, which is distinct from capturing and replaying a password from a previous legitimate session.
Cross-site scripting (XSS) injects malicious client-side scripts into pages viewed by other users to steal data or hijack sessions; it does not describe offline credential capture and retransmission.
Concept tested: Replay attack using intercepted credentials
Source: https://csrc.nist.gov/glossary/term/replay_attack
Topics
Community Discussion
No community discussion yet for this question.