Replay Attack in Gin with Basic Auth
Replay Attack in Gin with Basic Auth — how this specific combination creates or exposes the vulnerability
A replay attack in the context of Gin with HTTP Basic Auth occurs when an intercepted authentication request is maliciously or accidentally repeated to gain unauthorized access. Basic Auth encodes credentials in an Authorization header using Base64, which is easily reversible and provides no built-in protection against replay. If a request containing the header Authorization: Basic base64(username:password) is captured over the network, an attacker can reuse the exact same request to impersonate the user. This is especially dangerous when requests are not bound to a nonce, timestamp, or TLS session properties that prevent reuse.
Because middleBrick scans the unauthenticated attack surface of your Gin endpoints, it tests whether authentication headers can be reused across requests without additional protections. In a scan, one of the 12 checks runs replay-oriented probes against endpoints using Basic Auth and surfaces findings when responses do not include mechanisms to prevent request duplication. Without server-side defenses such as one-time tokens, strict nonce validation, or short-lived credentials, Basic Auth alone does not stop an attacker from replaying a captured request.
Consider a Gin endpoint that accepts a payment or state change without additional context. If the only gate is a static Basic Auth credential, a captured request can be replayed at any time while the credential remains valid. middleBrick’s checks for BOLA/IDOR and related authorization issues highlight scenarios where replay can lead to unauthorized operations, and the findings include remediation guidance to bind requests to unique, short-lived values.
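As an added example (not middleBrick's or Gin's own code), the following Go middleware shows one way to bind a Basic Auth request to the unique, short-lived values described above: a per-request nonce that is accepted once and a timestamp that must fall inside a small window. It is written against the standard library's net/http so it runs stand-alone; the same Check logic drops into a gin.HandlerFunc unchanged. The ReplayGuard type, the X-Request-Nonce and X-Request-Timestamp header names and the in-memory nonce store are assumptions for illustration.

```go
package main

import (
	"crypto/subtle"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// ReplayGuard layers a timestamp window and a one-time nonce on top of HTTP
// Basic Auth so that a captured Authorization header cannot simply be resent.
type ReplayGuard struct {
	user, pass string
	window     time.Duration        // accepted request age and clock skew
	now        func() time.Time     // clock, normally time.Now (injectable)
	mu         sync.Mutex
	seen       map[string]time.Time // nonce -> when it may be forgotten
}

// Check returns 200 on success, 409 for an already consumed nonce (replay), otherwise 401.
func (g *ReplayGuard) Check(r *http.Request) int {
	u, p, ok := r.BasicAuth()
	if !ok || subtle.ConstantTimeCompare([]byte(u), []byte(g.user)) != 1 ||
		subtle.ConstantTimeCompare([]byte(p), []byte(g.pass)) != 1 {
		return http.StatusUnauthorized
	}
	ts, err := strconv.ParseInt(r.Header.Get("X-Request-Timestamp"), 10, 64)
	nonce := r.Header.Get("X-Request-Nonce")
	now := g.now()
	age := now.Sub(time.Unix(ts, 0))
	if err != nil || nonce == "" || age > g.window || age < -g.window {
		return http.StatusUnauthorized // missing nonce, or missing/stale/future timestamp
	}
	g.mu.Lock()
	defer g.mu.Unlock()
	if g.seen == nil {
		g.seen = map[string]time.Time{}
	}
	for n, exp := range g.seen { // forget nonces whose timestamp can no longer pass
		if now.After(exp) {
			delete(g.seen, n)
		}
	}
	if _, dup := g.seen[nonce]; dup {
		return http.StatusConflict // identical request already served: replay
	}
	g.seen[nonce] = now.Add(2 * g.window) // keep longer than the timestamp window
	return http.StatusOK
}
```

In a multi-instance deployment the seen map would have to live in a shared store (for example a TTL-keyed cache) so that a request replayed against a different replica is still refused.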