Which attack captures authentication credentials to be used later in a replay?

A replay attack is an attack method where an attacker captures authentication credentials, such as a user's login data or session tokens, and then uses this information to gain unauthorized access to a system or network at a later time. The key aspect of a replay attack lies in the attacker’s ability to record and subsequently resend this information without necessarily altering it.

In this scenario, authentication credentials are intercepted during a legitimate data transmission. Once captured, the attacker can impersonate the victim by replaying the credentials when they attempt to access the service again. This type of attack exploits the lack of proper session management or the reuse of credentials without additional verification steps, leading to potential breaches of security.

The other options, while associated with different forms of attacks, do not specifically focus on the capture and reuse of authentication credentials in the same way. A man-in-the-middle attack involves intercepting the communication between two parties without their knowledge, which might lead to capturing credentials but does not inherently involve reusing them in the same manner as a replay attack. Spear phishing is a targeted email attack designed to deceive users into providing sensitive information, and ARP poisoning is a technique used to redirect traffic on a local network but does not directly capture credentials for later use as seen in a replay