Threats

  • Messages may traverse untrusted intermediaries on an insecure network – any of whom could capture the message and resend the message to the service.
  • A replayed message will often cause data inconsistencies (especially true of update operations)

Vulnerabilities

  • Limited support for preventing replayed messages
  • Many replay caches do not support web farms - meaning that a replayed message could be sent to a separate server in a farm and defeat an in-memory replay cache.

Countermeasures