1

I am facing a weird issue of a replay attack while getting a response from the digest-authenticated server. The real problem is that it works for all other screens in the application, but it's not working for only one of the view controllers.

What I know about replay attacks is that they occur when the timestamp or other parameters sent during the request are repeated for two consecutive requests. But in my case I checked the parameters sent during consecutive requests, and new parameters are getting generated every time. Even the timestamp is changing per request.

I have a list of view controllers from where the web service is called for the data to be shown. The error does not happen for the first few requests and occurs for only one view controller.

Error log is as shown below:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
   <soap:Body>
      <soap:Fault>
         <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:InvalidSecurity
         </faultcode>
         <faultstring>An error was discovered processing the &lt;wsse:Security> header (An error happened processing a Username Token "A replay attack has been detected")
         </faultstring>
      </soap:Fault>
   </soap:Body>
</soap:Envelope>
Jean-François Corbett
user1576424
  • Without any details on the request you are sending and the code you are using to create it, nobody will be able to help you. – jimpic Dec 07 '12 at 08:38

2 Answers

0

Do you have access to the web service or only the client? If this is a CXF web service, it can be using nonce.caching or timestamp.caching which detect replay attacks.

"ws-security.enable.timestamp.cache" "ws-security.timestamp.cache.instance"

What web server client or server are you using?

Thanks, Yogesh

Yogesh Chawla
  • I am also facing the same issue, so it's better to add a comment over here. Using CXF web service, JBOSS EAP6 and provided nonce and timestamp both but still getting the same exception – mahesh Dec 17 '13 at 06:38
0

My issue was solved by creating new nonce entry as suggested here


Sofia Khwaja
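The answers above point at nonce and timestamp caching on the server and at generating a new nonce on the client. The following added example (not code from this thread, CXF or WSS4J) is a simplified model of a UsernameToken replay cache, showing that a reused nonce is rejected even when the Created timestamp changes on every request. The class name, the 300-second window and the sample times are assumptions made for illustration.

```python
import base64
import os
from datetime import datetime, timedelta, timezone


class UsernameTokenReplayCache:
    """Simplified model: remember each nonce until its TTL expires."""

    def __init__(self, ttl_seconds=300):  # assumed window, not a CXF default
        self.ttl = timedelta(seconds=ttl_seconds)
        self.seen = {}  # nonce (base64 text) -> expiry time

    def check(self, nonce_b64, created, now):
        # Drop entries whose TTL has passed so the cache stays bounded.
        self.seen = {n: exp for n, exp in self.seen.items() if exp > now}
        # A Created value outside the window is rejected before the nonce lookup.
        if abs(now - created) > self.ttl:
            return "stale-created"
        # Same nonce inside the window: rejected, whatever the timestamp says.
        if nonce_b64 in self.seen:
            return "replay"
        self.seen[nonce_b64] = now + self.ttl
        return "ok"


def new_nonce():
    """16 random bytes, base64-encoded, as carried in wsse:Nonce."""
    return base64.b64encode(os.urandom(16)).decode("ascii")


def simulate(reuse_nonce, requests=3, gap_seconds=1):
    """Send `requests` tokens; Created is always fresh, the nonce may be reused."""
    cache = UsernameTokenReplayCache()
    t0 = datetime(2012, 12, 7, 8, 0, 0, tzinfo=timezone.utc)  # constructed time
    cached_nonce = new_nonce()  # models a client that builds the nonce only once
    results = []
    for i in range(requests):
        now = t0 + timedelta(seconds=i * gap_seconds)
        nonce = cached_nonce if reuse_nonce else new_nonce()
        results.append(cache.check(nonce, created=now, now=now))
    return results


if __name__ == "__main__":
    print("nonce reused, fresh timestamps:", simulate(reuse_nonce=True))
    print("new nonce per request:        ", simulate(reuse_nonce=False))
```

When debugging this fault on the client, compare the wsse:Nonce value across consecutive requests from the failing screen, not only the wsu:Created value.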