Replay Attack
What is Replay Attack?
Replay AttackAn attack that captures legitimate network traffic — typically authentication tokens or transactions — and retransmits it later to impersonate the original sender.
In a replay attack the adversary records a valid protocol exchange (for example a session cookie, a Kerberos ticket, a signed API request, or a wireless frame) and resubmits it to the server. If the protocol does not include freshness guarantees, the server cannot distinguish the replayed message from a fresh one. Replay is a building block of pass-the-hash, pass-the-ticket, transaction-tampering, and many IoT/automotive attacks. Defences rely on freshness primitives: nonces and challenge–response, monotonically increasing sequence numbers, short-lived signed tokens, MFA bound to the channel, TLS with anti-replay, mutual authentication, and revocation lists.
● Examples
- 01
Replaying a captured Kerberos ticket or NTLMv1 hash to access a service as the original user.
- 02
Replaying a recorded keyfob radio frame to open a car or garage door (in systems without rolling codes).
● Frequently asked questions
What is Replay Attack?
An attack that captures legitimate network traffic — typically authentication tokens or transactions — and retransmits it later to impersonate the original sender. It belongs to the Attacks & Threats category of cybersecurity.
What does Replay Attack mean?
An attack that captures legitimate network traffic — typically authentication tokens or transactions — and retransmits it later to impersonate the original sender.
How do you defend against Replay Attack?
Defences for Replay Attack typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Replay Attack?
Common alternative names include: Replay.