What attack involves capturing valid data and reusing it to fool a system?

A replay attack occurs when an attacker captures a valid data exchange and resubmits it later to fool the system into treating it as a fresh, legitimate request. The risk is that the system accepts the reused message without checking its freshness, so the attacker could gain unauthorized access or perform an action again. To defend against this, systems rely on freshness guarantees like nonces, timestamps, one-time tokens, or challenge-response schemes, ensuring each message is tied to a specific session and cannot be reused. Other options aren’t attacks: a nonce is a protective value used to prevent replays; an initialization vector is a step in encryption to ensure unique ciphertexts; HTTPS is a secure communication protocol, not an attack type.