
Episode 526: Brian Campbell on Proof of Possession Defenses
Software Engineering Radio - the podcast for professional software developers
What Are Replay Attacks?
A bearer token in a lot of ways is equivalent to cash. You can use it to buy things at a store and there's no additional checks beyond simply holding that token to consider it valid. And because they're bearer, as we've talked about, whoever has the token, the thief then can use it as though they are the legitimate holder of it. There's nothing preventing the thief from using a token regardless of how it was obtained.