Reverse Online Guessing Attacks on PAKE Protocols
Source: arXiv (cs.CR + cs.AI)
February 9, 2026

Summary
This paper identifies a vulnerability in password-authenticated key exchange (PAKE) protocols called "reverse online guessing attacks," in which an adversary validates password guesses by impersonating a server rather than a client. The attack is particularly effective in phishing and password-spraying scenarios, or in applications with automated logins such as WPA3-SAE. It exploits the fact that PAKE protocols lack server authentication mechanisms beyond the password itself.
Original source: https://arxiv.org/abs/2602.08993v1
First tracked: February 11, 2026 at 06:00 PM