Cisco 200-901 · Question #361: Answer & Explanation

The correct answer is A: The encoded credentials were available in the source code. The source code, publicly available on GitHub, included an example environment-variable setup in which the password appeared in an encoded form. Encoding is not encryption: an encoded value can be decoded by anyone who can read it, with no key required, so the attacker recovered the password and logged in.

Software Development and Design

Question

Refer to the exhibit. A developer is part of a team that is working on an open-source project in which source code is hosted in a public GitHub repository. While the application was being built, security concerns were addressed by encrypting the credentials on the server. After a few months, the developer realized that a hacker managed to gain access to the account. The exhibit contains part of the source code for the login process. Why was the attacker able to access the developer's account?

Options

  • A. The encoded credentials were available in the source code.
  • B. The application was not encrypting the communication with the server.
  • C. The credentials were encrypted in the source code.
  • D. An SSL certificate was used instead of the TLS protocol to authenticate.

Explanation

The source code, publicly available on GitHub, included an example environment-variable setup that exposed the credentials in an encoded form. Encoding (Base64, for instance) is a reversible transformation with no secret key, so an encoded credential committed to a public repository is, for practical purposes, a plaintext credential: anyone who clones the repository can decode it and use it to log in. Encrypting the credentials on the server does not help when a decodable copy has already been published.

Common mistakes.

  • B. Nothing in the question points to unencrypted communication; the credential was exposed in the code itself, not intercepted on the wire.
  • C. The credentials were encoded, not encrypted. Encrypting credentials on the server is good practice, but it is irrelevant once a decodable copy of the same credential is published in the source code.
  • D. Certificates are part of TLS (of which SSL is the deprecated predecessor); they secure the transport and are unrelated to credentials sitting in publicly accessible source code.
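As an added example (not part of the original question or its exhibit), the Python script below shows what the answer describes: an example environment file whose values are Base64-encoded is trivially decoded by anyone who reads the repository, and the same file should only ever contain placeholders, with the real values supplied by the deployment environment at run time. The sample file, its keys and its values are constructed for this example and are not taken from the exhibit.

```python
import base64
import binascii
import os
import re

# Constructed sample: the kind of ".env.example" that gets committed to a
# public repository "for convenience". Every value here is made up.
SAMPLE_SOURCE = """\
# .env.example - copy to .env and adjust
API_HOST=api.example.com
API_USER=ZGV2b3Bz
API_PASSWORD=U3VwZXJTZWNyZXQxMjM=
AUTH_HEADER=Basic ZGV2b3BzOlN1cGVyU2VjcmV0MTIz
DEBUG=true
"""

# Strict Base64 alphabet with correct padding; short tokens are ignored
# because words like "true" are also valid Base64.
B64_RE = re.compile(r"^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$")


def try_decode(token):
    """Return the decoded text if token is Base64 of printable ASCII, else None.

    No key is involved: this is exactly what an attacker does with an
    "encoded" credential found in a public repository.
    """
    if len(token) < 8 or not B64_RE.match(token):
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text if text.isprintable() else None


def find_encoded_secrets(source):
    """Scan KEY=VALUE lines and return [(key, decoded_value)] for decodable values."""
    hits = []
    for line in source.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # "Basic <token>" style headers carry the Base64 after the scheme name.
        parts = value.split()
        token = parts[-1] if parts else ""
        decoded = try_decode(token)
        if decoded is not None:
            hits.append((key.strip(), decoded))
    return hits


def redact_example(source):
    """Return the file with every decodable value replaced by a placeholder.

    This is what a committed .env.example should look like: key names only.
    """
    out = []
    for line in source.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and "=" in stripped:
            key, _, value = stripped.partition("=")
            parts = value.split()
            if parts and try_decode(parts[-1]) is not None:
                parts[-1] = "<set-in-real-environment>"
                line = f"{key}={' '.join(parts)}"
        out.append(line)
    return "\n".join(out) + "\n"


def load_secret(name, env=None):
    """Read a credential from the process environment at run time, never from the repo.

    Placeholders copied from .env.example are rejected so a misconfigured
    deployment fails loudly instead of authenticating with a dummy value.
    """
    env = os.environ if env is None else env
    value = env.get(name)
    if not value or value.startswith("<"):
        raise RuntimeError(f"{name} must be provided by the deployment environment")
    return value


if __name__ == "__main__":
    for key, plain in find_encoded_secrets(SAMPLE_SOURCE):
        print(f"{key} decodes to: {plain}")
    print("--- sanitized .env.example ---")
    print(redact_example(SAMPLE_SOURCE), end="")
```

Run against the sample, the scanner recovers the user name, the password and the full `user:password` pair from the `Basic` header without any key, which is the whole point of the question: Base64 (or any other encoding) provides no confidentiality. The redacted file is safe to commit, and `load_secret` is the only path the application should use to obtain the real value.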

Concept tested. Credential management and security in source code


Topics

#Secure coding practices, #Credential management, #Source code exposure, #Encoding vs. Encryption
