Repudiation threats can occur if a software system does not properly track and log actions that take place. This allows users, legitimate or otherwise, to be able to deny that they performed a particular action. For example, an attacker could manipulate data and then deny responsibility. Without the system being able to trace the operations properly, there would be no way to prove otherwise. Such an attack could involve sending inaccurate information to log files, making the entries in the log files misleading and unusable.

In software systems, we seek non-repudiation, which is the assurance that a person cannot deny an action that they performed. Strong authentication, accurate and thorough logging, and the use of digital certificates ...