An attack on a cryptographic algorithm. If a server asks for a password the client encrypts it and sends it back. A malicious user listening in can grab a copy of the encrypted password, pretend to be the user and when the server requests the password he can just send the previously captured encrypted password instead.