Eccouncil Exam 312-50v11 Topic 2 Question 66 Discussion

Actual exam question for Eccouncil's 312-50v11 exam
Question #: 66
Topic #: 2

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.

Which of the following design flaws in the authentication mechanism is exploited by Calvin?

Suggested Answer: D

Contribute your Thoughts:

Gianna
6 months ago
I think it's Password reset mechanism that Calvin is exploiting, as he might be using the usernames to reset passwords.
upvoted 0 times
Sommer
7 months ago
User impersonation allows a hacker to pretend to be someone else, so that could be a possibility too.
upvoted 0 times
Quiana
7 months ago
But could it also be User impersonation that Calvin is exploiting in this scenario?
upvoted 0 times
Cherrie
7 months ago
I agree with Sommer, revealing which field is incorrect can help Calvin with social engineering.
upvoted 0 times
Sommer
7 months ago
I think Calvin is exploiting the Verbose failure messages.
upvoted 0 times
