Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?
![PrepAway - Latest Free Exam Questions & Answers](https://www.briefmenow.org/img/pa5.jpg)
A.
It works because encryption is performed at the application layer (single encryption key)
B.
It works because encryption is performed at the network layer (layer 1 encryption)
C.
Any cookie can be replayed irrespective of the session status
D.
The scenario is invalid as a secure cookie cannot be replayed
Explanation:
Single key encryption (conventional cryptography) uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible.
A is the correct answer