A type of cyberattack based on the reuse of intercepted session IDs or other authorization information in the target system. One variant involves copying transaction data transmitted to a financial system, and then using it to make a payment to the attacker. For this purpose, the cybercriminal needs to modify the details about the transfer recipient and amount in the source document.
To protect against replay attacks, the data channel is encrypted and unique temporary open session IDs are issued.