Exam 312-50v13 topic 1 question 36 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 36
Topic #: 1

Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account.
What is the attack performed by Boney in the above scenario?

  • A. Forbidden attack
  • B. CRIME attack
  • C. Session donation attack
  • D. Session fixation attack
Suggested Answer: D

Comments

KnightHeart
1 month, 1 week ago
Selected Answer: D
A session fixation attack is a type of cyber attack that targets the session management mechanisms of web applications, aiming to hijack user sessions by forcing them to use a pre-determined session ID. Below is a comprehensive breakdown of its principles, scenarios, and defenses:
upvoted 1 times
KnightHeart
1 month, 1 week ago
Attack Principle
Preparing a Session ID: The attacker first creates a valid session on the target website, obtaining a unique session ID (e.g., via a cookie like PHPSESSID or a URL parameter).
Tricking the Victim into Using the ID: The attacker sends a malicious link to the victim, which contains the pre-created session ID (e.g., https://example.com/?session=attacker_session_id). When the victim clicks the link, the browser is forced to use the attacker’s session ID to interact with the website.
Hijacking the Session: If the website does not regenerate the session ID after the user logs in, the attacker can monitor the session. Once the victim authenticates (e.g., logs in), the attacker can use the same session ID to access the victim’s account, as the server treats the session as valid.
upvoted 1 times
Cherubael
2 months ago
Selected Answer: C
Session fixation usually happens before the victim logs in, whereas session donation happens after the attacker already logged in.
upvoted 1 times
Cherubael
2 months, 1 week ago
Selected Answer: C
The attack described in the scenario is a Session donation attack. In this technique, the attacker provides their own valid session ID to the victim.
upvoted 1 times
[Removed]
2 months, 2 weeks ago
Selected Answer: D
Session Fixation Attack. In this scenario, Boney manipulates the session ID to trick the target employee into using a session that is already linked to Boney's account. By doing so, any sensitive information entered by the victim gets associated with Boney's account, allowing him to exploit the data for financial gain.
upvoted 1 times
joiejijhfri
2 months, 2 weeks ago
Selected Answer: C
Boney is giving her session to the victim, so she is donating; therefore it's a session donation attack.
upvoted 1 times
agastya_5272
4 months ago
Selected Answer: D
The correct answer is: D. Session fixation attack
A session fixation attack is a type of attack where an attacker fixes a session ID on a user's device, allowing the attacker to hijack the user's session. In this scenario:
1. Boney obtains a valid session ID by logging into a service.
2. He feeds the same session ID to the target employee using an MITM (Man-in-the-Middle) attack technique.
3. When the target employee clicks on the link, they are linked to Boney's account page without disclosing any information to the victim.
4. The sensitive payment details entered by the target employee are linked to Boney's account.
OPTION C: It's not any cyber attack.
upvoted 2 times
killwitch
4 months ago
Selected Answer: D
D. Session fixation attack. Session fixation attack is a technique where an attacker forces a pre-determined session ID onto a victim. The goal is to trick the victim into using the attacker's session ID, allowing the attacker to hijack the session once the victim authenticates.
upvoted 2 times
Booict
4 months ago
Selected Answer: D
D - In a session fixation attack, the attacker sets a user's session ID to a known value, then tricks the user into authenticating with that session ID. This allows the attacker to hijack the user's session and access sensitive information
upvoted 1 times
SukhoiF35
4 months, 3 weeks ago
Selected Answer: D
Web session security prevents an attacker from intercepting, brute forcing, or predicting the session ID issued by a web server to a user’s browser as proof of an authenticated session. However, this approach ignores the possibility of the attacker issuing a session ID to the user’s browser, forcing it to use the chosen session ID. This type of attack is called a session fixation attack because an attacker fixes the user's session ID in advance, instead of generating it randomly at the time of login.
upvoted 2 times
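An added example, not part of any commenter's post or of the exam material: a toy server-side session table showing the two controls that the comments by KnightHeart and SukhoiF35 point to, namely issuing a fresh session ID at login and refusing IDs the server never issued. `SessionStore`, its two flags and `fixed_id_still_valid` are hypothetical names used only for this illustration.

```python
import secrets


class SessionStore:
    """Toy session table (hypothetical): session ID -> authenticated user or None."""

    def __init__(self, rotate_on_login, strict_ids):
        self.rotate_on_login = rotate_on_login  # issue a fresh ID at authentication
        self.strict_ids = strict_ids            # refuse IDs the server never issued
        self.sessions = {}

    def _new_id(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def visit(self, presented_sid=None):
        """Anonymous request; returns the session ID the browser ends up holding."""
        if presented_sid in self.sessions:
            return presented_sid
        if presented_sid is not None and not self.strict_ids:
            self.sessions[presented_sid] = None  # permissive: adopts a client-chosen ID
            return presented_sid
        return self._new_id()

    def login(self, sid, user):
        """Authenticate `user` on session `sid`; returns the post-login session ID."""
        if sid not in self.sessions:
            sid = self._new_id()
        if self.rotate_on_login:
            del self.sessions[sid]  # the pre-login ID stops being valid here
            sid = self._new_id()
        self.sessions[sid] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)


def fixed_id_still_valid(store):
    """True if an ID known to a third party before login maps to the user after login."""
    known_sid = store.visit()            # ID issued pre-login, known to someone else
    victim_sid = store.visit(known_sid)  # the user's browser presents that same ID
    store.login(victim_sid, "victim")
    return store.whoami(known_sid) == "victim"
```

Rotation at login is the control that defeats fixation; it does not change the outcome in the scenario where the session already belongs to someone else's logged-in account, which is the distinction the commenters are debating.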
nicejob
4 months, 4 weeks ago
Selected Answer: D
Session fixation: first the attacker gets the session ID from the victim, then waits until the victim is logged in; the attacker can get information because the session ID is the same.
upvoted 1 times
cb56e21
5 months, 2 weeks ago
Selected Answer: C
In this question’s scenario, it’s the attacker’s account that is used, and the victim just funnels sensitive information into it. That’s the hallmark of a session donation attack.
upvoted 3 times
MHafizC
5 months, 2 weeks ago
Selected Answer: C
The answer should be session donation attack.
upvoted 3 times