RFC 2617 states that the nonce data string should be uniquely generated (§3.2.1).
But to detect/prevent replay attacks, the server side could reuse the same nonce (§4.3, §4.4, §4.5).
The nonce count is hard-coded, so when receiving the same nonce again the nonce count is still 1 and the server detects a replay attack, thus refusing the registration.
1st registration works ok
REGISTER -->
<-- 401 unauthorized nonce ="12345678"
REGISTER --> nonce="12345678", nonce count="00000001"
<-- 200 OK
2nd registration
REGISTER -->
<-- 401 unauthorized nonce ="12345678"
REGISTER --> nonce="12345678", nonce count="00000001"
<-- 403 FORBIDDEN Warning: Digest replay attack detected
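
An added example (not part of the original issue or the project's code): a minimal Python model of the exchange above, with a registrar that reuses nonce "12345678" and rejects any nonce count that does not increase, and a client that either hard-codes nc or tracks it per nonce. The class names, realm, URI and credentials are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

REALM, URI = "example.test", "sip:example.test"   # constructed values

def h(s):
    return hashlib.md5(s.encode()).hexdigest()     # RFC 2617 Digest uses MD5

def digest(user, pw, nonce, nc, cnonce):
    # RFC 2617 §3.2.2.1, qop=auth: the nonce count is part of the hashed input
    ha1, ha2 = h(f"{user}:{REALM}:{pw}"), h(f"REGISTER:{URI}")
    return h(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class Registrar:
    """Hypothetical server that reuses one nonce and requires nc to increase."""
    def __init__(self, users, nonce="12345678"):
        self.users, self.nonce, self.last_nc = users, nonce, {}

    def register(self, auth=None):
        if auth is None or auth["nonce"] != self.nonce:
            return 401, self.nonce                  # challenge
        pw = self.users.get(auth["user"], "")
        expected = digest(auth["user"], pw, auth["nonce"], auth["nc"], auth["cnonce"])
        if not hmac.compare_digest(auth["response"], expected):
            return 401, self.nonce
        nc = int(auth["nc"], 16)
        if nc <= self.last_nc.get(auth["nonce"], 0):  # same or lower nc: replay
            return 403, "Digest replay attack detected"
        self.last_nc[auth["nonce"]] = nc
        return 200, "OK"

class Client:
    def __init__(self, user, pw, hardcoded_nc):
        self.user, self.pw, self.hardcoded_nc, self.uses = user, pw, hardcoded_nc, {}

    def register(self, server):
        _, nonce = server.register()                # unauthenticated REGISTER -> 401
        self.uses[nonce] = self.uses.get(nonce, 0) + 1
        n = 1 if self.hardcoded_nc else self.uses[nonce]  # per-nonce counter
        nc, cnonce = f"{n:08x}", os.urandom(8).hex()
        auth = {"user": self.user, "nonce": nonce, "nc": nc, "cnonce": cnonce,
                "response": digest(self.user, self.pw, nonce, nc, cnonce)}
        return server.register(auth)[0]

def two_registrations(hardcoded_nc):
    server = Registrar({"alice": "secret"})         # constructed credentials
    client = Client("alice", "secret", hardcoded_nc)
    return [client.register(server), client.register(server)]
```

`two_registrations(True)` reproduces the 200 then 403 sequence from the report; with a per-nonce counter both registrations succeed.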