CAPEC-90: Reflection Attack in Authentication Protocol

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: High

Description

An adversary can abuse an authentication protocol that is susceptible to a reflection attack in order to defeat it. Doing so gives the adversary illegitimate access to the target system without possessing the requisite credentials. Reflection attacks are of great concern for authentication protocols that rely on a challenge-handshake or similar mechanism. By successfully mounting a reflection attack during authentication, an adversary can impersonate a legitimate user and gain illegitimate access to the system.
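A regression check for the weakness described above, added here as an example and not taken from the CAPEC entry: it assumes a shared-key challenge-handshake and asserts that a party's own answer never verifies against a challenge that party issued. The `Party` class, the `auth-v1` label, the identities and the demo key are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

KEY = bytes(range(32))  # constructed demo key, not a real secret

def _mac(key, *fields):
    # Length-prefix each field so field boundaries are unambiguous.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class Party:
    """One side of a shared-key challenge-handshake (hypothetical protocol)."""

    def __init__(self, key, me, peer, bound=True):
        self.key, self.me, self.peer, self.bound = key, me, peer, bound
        self.outstanding = set()  # challenges issued and not yet verified

    def _response(self, challenge, responder, verifier):
        if not self.bound:
            # Weak form: the same value in both directions.
            return _mac(self.key, challenge)
        # Hardened form: bound to who answers and who asked.
        return _mac(self.key, b"auth-v1", responder, verifier, challenge)

    def new_challenge(self):
        c = secrets.token_bytes(16)
        self.outstanding.add(c)
        return c

    def answer(self, challenge):
        # Never act as a response oracle for a challenge we issued ourselves.
        if self.bound and challenge in self.outstanding:
            raise ValueError("own challenge reflected back")
        return self._response(challenge, self.me, self.peer)

    def verify(self, challenge, response):
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)  # each challenge is single use
        expected = self._response(challenge, self.peer, self.me)
        return hmac.compare_digest(expected, response)

def accepts_own_answer(party):
    """True if the party would accept its own answer to its own challenge."""
    c = party.new_challenge()
    try:
        r = party.answer(c)
    except ValueError:
        return False
    return party.verify(c, r)
```

The hardened form relies on two independent controls: the refusal in `answer` and the direction binding in `_response`. Either one alone makes the self-acceptance check fail.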

Related weaknesses · 2

CWE-301, CWE-303

Related attack patterns · 2

CAPEC-272 (ChildOf), CAPEC-114 (ChildOf)

Exploits · 2

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Reflection Attack in an Authentication Protocol (cwe-301) | 100% | live |
| Weakness | Incorrect Implementation of Authentication Algorithm (cwe-303) | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE: Reflection Attack in an Authentication Protocol
CAPEC: Authentication Abuse
CAPEC: Protocol Manipulation
CAPEC: Session Credential Falsification through Forging
CAPEC: Authentication Bypass
CAPEC: Session Credential Falsification through Manipulation

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.