Simple authentication protocols are subject to reflection attacks if a malicious user can use the target machine to impersonate a trusted user.