Solution to Scenario One-Time Passwords
A possible solution to this scenario is to tap the current password and disturb the protocol before server 1 receives the password. You proceed as follows:
- You create a connection between the attacker’s computer and router 1.
- Attack router 1 (it must appear red now).
- Separate the connection between router 1 and router 2.
- You start the protocol from the client via the button Authenticate client. As soon as the data packet is transferred from router 1, a copy is forwarded to you so you can obtain the password. The disconnection between router 1 and router 2 prevents the proper protocol process which, therefore, has to be stopped. You and the client receive a notice “The protocol was interrupted”.
- Now revoke the separation of router 1 and router 2 and then you can proceed with the protocol from the attacker’s computer with the still current password (from the server´s point of view) via the button Authenticate attacker.
