nerdexam
EC-Council

312-50V10 · Question #526

A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example

The correct answer is B. Insufficient database hardening. Gaining access via default or commonly known credentials exploits insufficient database hardening, where factory-set or weak credentials were never removed or changed.

Hacking Web Applications

Question

A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?

Options

  • AInsufficient security management
  • BInsufficient database hardening
  • CInsufficient input validation
  • DInsufficient exception handling

How the community answered

(57 responses)
  • A
    2% (1)
  • B
    89% (51)
  • C
    2% (1)
  • D
    7% (4)

Why each option

Gaining access via default or commonly known credentials exploits insufficient database hardening, where factory-set or weak credentials were never removed or changed.

AInsufficient security management

Insufficient security management refers to a broader organizational failure in policies, governance, and oversight - not the specific technical failure of leaving default credentials active in a database or application.

BInsufficient database hardeningCorrect

Insufficient database hardening means the database or application back-end was not secured according to best practices, including changing default credentials, disabling default accounts, and enforcing strong password policies. Leaving default or well-known passwords in place allows an attacker to authenticate without needing to exploit any logic flaw or vulnerability in the application code itself.

CInsufficient input validation

Insufficient input validation describes the failure to sanitize user-supplied input to prevent injection attacks such as SQL injection or XSS, which is unrelated to authenticating with default credentials.

DInsufficient exception handling

Insufficient exception handling refers to improper error management that may expose sensitive application details, not the vulnerability arising from unchanged default login credentials.

Concept tested: Database hardening and default credential vulnerabilities

Source: https://owasp.org/www-project-top-ten/

Topics

#default credentials#database hardening#authentication weaknesses#software design flaws

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice