What is a typical characteristic of a credential replay attack?

A credential replay attack is primarily characterized by the use of previously captured credentials to gain unauthorized access. The attacker takes a user's valid credentials, which might include login details such as usernames and passwords, and retransmits (replays) them to the authentication system. The attack relies on the system accepting the credentials as valid again, even if they have been used before, which allows the attacker to bypass security measures and impersonate the legitimate user.

The other options touch upon different types of attacks or actions related to credentials but do not accurately describe a credential replay attack. Using stolen passwords across different accounts indicates credential stuffing, where an attacker takes one stolen credential and tries it across multiple accounts. Changing passwords without authorization pertains to account takeover but does not involve replaying existing credentials. Lastly, brute force access involves systematically attempting a variety of passwords until the correct one is found, rather than using captured credentials. Thus, the most fitting description of a credential replay attack is the act of repeating recorded login attempts with captured credentials.
