CWE-294
Overview
- CWE ID
- 294
- CWE Name
- Authentication Bypass by Capture-replay
- CWE Abstraction
- Base
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor chan
Extended Description
Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same co