CAS-003 Question #517: Real Exam Question with Answer & Explanation
The correct answer is D: A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS.
Question
An online bank has contracted with a consultant to perform a security assessment of the bank's web portal. The consultant notices the login page is linked from the main page with HTTPS, but when the URL is changed to HTTP, the browser is automatically redirected back to the HTTPS site. Which of the following is a concern for the consultant, and how can it be mitigated?
Options
- A. XSS could be used to inject code into the login page during the redirect to the HTTPS site.
- B. The consultant is concerned the site is using an older version of the SSL 3.0 protocol that is
- C. The HTTP traffic is vulnerable to network sniffing, which could disclose usernames and
- D. A successful MITM attack could intercept the redirect and use sslstrip to decrypt further HTTPS
Explanation
The attacker can use sslstrip to change https to http and grab login data. HSTS would be the
Reference: https://security.stackexchange.com/questions/41988/how-does-sslstrip-work