nerdexam
GIAC

GCIH · Question #175

Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is ea

The correct answer is A. Replay. Eve intercepts and stores valid authentication credentials from a live session, then retransmits them later to impersonate Alice - this is a textbook replay attack.

Vulnerability Exploitation & Privilege Escalation

Question

Alice wants to prove her identity to Bob. Bob requests her password as proof of identity, which Alice dutifully provides (possibly after some transformation like a hash function); meanwhile, Eve is eavesdropping the conversation and keeps the password. After the interchange is over, Eve connects to Bob posing as Alice; when asked for a proof of identity, Eve sends Alice's password read from the last session, which Bob accepts. Which of the following attacks is being used by Eve?

Options

  • AReplay
  • BFirewalking
  • CSession fixation
  • DCross site scripting

How the community answered

(28 responses)
  • A
    93% (26)
  • B
    4% (1)
  • C
    4% (1)

Why each option

Eve intercepts and stores valid authentication credentials from a live session, then retransmits them later to impersonate Alice - this is a textbook replay attack.

AReplayCorrect

A replay attack occurs when an adversary captures a valid authentication credential or session token in transit and retransmits it later to gain unauthorized access without needing to know the underlying secret. In this scenario, Eve eavesdrops on Alice's password exchange, stores it, and presents it to Bob in a new session. Common mitigations include one-time nonces, timestamps, and session tokens that are invalidated after a single use.

BFirewalking

Firewalking is a network reconnaissance technique that uses crafted TTL-manipulated packets to map firewall ACL rules; it does not involve capturing or replaying credentials.

CSession fixation

Session fixation forces a victim to authenticate using an attacker-supplied session ID, which is distinct from capturing and replaying a password from a previous legitimate session.

DCross site scripting

Cross-site scripting (XSS) injects malicious client-side scripts into pages viewed by other users to steal data or hijack sessions; it does not describe offline credential capture and retransmission.

Concept tested: Replay attack using intercepted credentials

Source: https://csrc.nist.gov/glossary/term/replay_attack

Topics

#replay attack#eavesdropping#authentication bypass#credential theft

Community Discussion

No community discussion yet for this question.

Full GCIH Practice