Replay Attacks

What Is a Replay Attack?

A replay attack is an attack in which a valid data transmission, authentication message, or transaction is captured and then resent later by an attacker in order to gain unauthorized access, repeat an action, or trick a system into accepting old communication as new.

Examples

  • An attacker captures an authentication exchange on an insecure network and retransmits it later to try to gain access without knowing the actual password.
  • A payment-related request is intercepted and replayed so the receiving system processes the same action more than once.

Discover 🔎

Some attacks work by breaking secrecy. Others work by changing data. A replay attack takes a different route. Instead of creating a fake message from scratch, the attacker captures a real one and reuses it.

That is what makes replay attacks so interesting. The communication may have been genuine when it was first sent. The danger appears when the system cannot tell that the same message is being presented again at the wrong time or in the wrong context.

Remember: In a replay attack, the attacker may not need to understand the message fully. It can be enough to capture it and resend it successfully.

Summary 📝

A replay attack occurs when an attacker captures a legitimate message and resends it later in the hope that the receiving system will accept it again. The attack succeeds when a system checks whether a message is valid but fails to check whether it is new and contextually appropriate. Effective defense comes from anti-replay measures such as nonces, timestamps, short-lived tokens, sequence numbers, and protocol designs that make old messages useless.
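
The condition described in the summary, a receiver that checks validity but not freshness, is shown here next to one that also enforces a timestamp window and a one-time nonce. This is an added example, not part of the original lesson; the key, the 30-second window, the `ts` and `nonce` fields, and all function and class names are assumptions constructed for the demo.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # constructed shared secret, demo only
MAX_AGE = 30                    # assumed freshness window, in seconds

def sign(body: dict) -> dict:
    """Sender side: attach an HMAC-SHA256 tag over the canonical JSON body."""
    raw = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "mac": hmac.new(KEY, raw, hashlib.sha256).hexdigest()}

def mac_ok(msg: dict) -> bool:
    """True if the tag matches the body, i.e. the message is genuine."""
    return hmac.compare_digest(sign(msg["body"])["mac"], msg["mac"])

def accept_validity_only(msg: dict, now: float) -> bool:
    """Weak receiver: checks that the message is valid, not that it is new."""
    return mac_ok(msg)

class AntiReplayReceiver:
    """Also requires a fresh timestamp and a nonce it has not seen before."""
    def __init__(self):
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def accept(self, msg: dict, now: float) -> bool:
        if not mac_ok(msg):
            return False
        ts, nonce = msg["body"]["ts"], msg["body"]["nonce"]
        if abs(now - ts) > MAX_AGE:
            return False                  # too old, or dated in the future
        # Forget nonces whose messages the timestamp check already rejects.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if nonce in self.seen:
            return False                  # same message presented again
        self.seen[nonce] = ts
        return True

def demo() -> dict:
    t0 = 1_000_000.0                      # constructed clock value
    msg = sign({"action": "transfer", "amount": 10, "ts": t0, "nonce": "a1b2c3"})
    strong = AntiReplayReceiver()
    return {
        "weak_first": accept_validity_only(msg, t0 + 1),
        "weak_replay": accept_validity_only(msg, t0 + 600),
        "strong_first": strong.accept(msg, t0 + 1),
        "strong_replay_in_window": strong.accept(msg, t0 + 5),
        "strong_replay_late": strong.accept(msg, t0 + 600),
    }
```

Because the timestamp and nonce sit inside the authenticated body, the nonce cache only has to cover the freshness window: anything older is already refused by the timestamp check.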
