What type of attack does the attacker store and reuse login information?

A replay attack occurs when an attacker captures valid authentication data—such as login credentials, session tokens, or cryptographic handshakes—and later reuses that data to gain unauthorized access. The attacker does not need to know the actual password; instead, they replay previously captured authentication information.

Replay attacks often exploit systems that lack proper protections such as timestamps, nonces, session expiration, or cryptographic challenge-response mechanisms. These attacks are particularly dangerous in poorly secured authentication protocols or legacy systems.

A man-in-the-middle attack involves intercepting and potentially altering communications in real time, while a replay attack focuses on reusing captured data. Smurf attacks and DDoS attacks target availability, not authentication.

Security controls such as time-based tokens, one-time passwords, mutual authentication, and secure protocols (e.g., TLS) are commonly used to prevent replay attacks. NIST authentication guidelines explicitly recommend replay resistance as a core requirement for secure authentication systems.