PrepAway - Latest Free Exam Questions & Answers

Why do you think this is possible?

Annie has just succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?

A. Any Cookie can be replayed irrespective of the session status

B. The scenario is invalid as a secure cookie can’t be replayed

C. It works because encryption is performed at the network layer (layer 1 encryption)

D. It works because encryption is performed at the application layer (Single Encryption Key)

Explanation:
Single key encryption (conventional cryptography) uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible.

