Ver:

·         http://en.wikipedia.org/wiki/Replay_attack

Ataque consistente en capturar una transmisión de datos correcta y reproducirla posteriormente. Es un ataque típico para capturar secuencias de autenticación correctas y reproducirlas luego para que el atacante logre los mismos derechos de acceso.

An attack in which the Attacker is able to replay previously captured messages (between a legitimate Claimant and a Verifier) to masquerade as that Claimant to the Verifier or vice versa.[NIST-SP800-63:2013]

An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access. [CNSSI_4009:2010]

(I) An attack in which a valid data transmission is maliciously or fraudulently repeated, either by the originator or by a third party who intercepts the data and retransmits it, possibly as part of a masquerade attack. (See: active wiretapping, fresh, liveness, nonce. Compare: indirect attack, reflection attack.) [RFC949:2007]

Where dialogue between the authentication system and main system is intercepted and replayed into the main system by an attacker at a later date. This includes for instance an attacker connecting a PC that appears to perform a password hashing function but in fact merely transmits a previously intercepted hash value.

A replay attack is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and retransmits it, possibly as part of a masquerade attack by IP packet substitution (such as stream cipher attack).

http://en.wikipedia.org/wiki/Replay_attack