Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Location Chicago IL, USA

Exam CS0-002 topic 1 question 55 discussion

Actual exam question from CompTIA's CS0-002
Question #: 55
Topic #: 1
[All CS0-002 Questions]

A security analyst is reviewing a web application. If an unauthenticated user tries to access a page in the application, the user is redirected to the login page. After successful authentication, the user is then redirected back to the original page. Some users have reported receiving phishing emails with a link that takes them to the application login page but then redirects to a fake login page after successful authentication.
Which of the following will remediate this software vulnerability?

  • A. Enforce unique session IDs for the application.
  • B. Deploy a WAF in front of the web application.
  • C. Check for and enforce the proper domain for the redirect.
  • D. Use a parameterized query to check the credentials.
  • E. Implement email filtering with anti-phishing protection.
Show Suggested Answer Hide Answer

Suggested Answer: A

Comments

I_heart_shuffle_girls
Highly Voted 3 months ago
I feel as though C is the correct answer here. This seems like an unvalidated redirect and forwards attack. https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
upvoted 7 times
...
Obi_Wan_Jacoby
Highly Voted 2 months, 3 weeks ago
I think it is C. The reason being is it takes them to a fake login page "after" a successful login has happened. This fake page would be to have them log in again (I assume, and if so it is to steal creds). Therefore, to stop that, answer C would be needed to stop the redirect. A unique session ID would not stop the re-direct and theft of creds? Sound about right?
upvoted 7 times
...
BK00
Most Recent 1 week, 2 days ago
I feel like A is the correct answer on this one. I think the issue here is the web application's sessions management. Think about it..if the attacker successfully managed to redirect the user to fake site, he certainly would have to insert himself in the middle of the normal client-server communication by pulling off some form of MITM attack. And we know MITM attacks often leverages weaknesses in the session management to hijack or impersonate a legitimate server. So, this to me points to insecure or weak session management by the web application
upvoted 1 times
...
Alizadeh
3 weeks, 6 days ago
C is the correct answer
upvoted 1 times
...
somsom
1 month, 2 weeks ago
I go for C
upvoted 1 times
...
americaman80
1 month, 3 weeks ago
C is the correct answer. source: https://docs.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca3007 "Some approaches to fixing open redirect vulnerabilities include: Don't allow users to initiate redirects. Don't allow users to specify any part of the URL in a redirect scenario. Restrict redirects to a predefined "allow list" of URLs. Validate redirect URLs. If applicable, consider using a disclaimer page when users are being redirected away from your site."
upvoted 1 times
...
boblee
2 months ago
C is the correctr answer.
upvoted 1 times
...
btoopalow
2 months, 4 weeks ago
I picked A. It felt like a session hijacking attack to me. But not 100%
upvoted 2 times
...

SaveCancel