
312-50v13 Exam - Question 34


Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account.

What is the attack performed by Boney in the above scenario?

Correct Answer:

Discussion

11 comments
MHafizC Option: C
Jan 14, 2025

The answer should be session donation attack.

cb56e21 Option: C
Jan 16, 2025

In this question’s scenario, it’s the attacker’s account that is used, and the victim just funnels sensitive information into it. That’s the hallmark of a session donation attack.

SukhoiF35 Option: D
Feb 12, 2025

Web session security prevents an attacker from intercepting, brute forcing, or predicting the session ID issued by a web server to a user’s browser as proof of an authenticated session. However, this approach ignores the possibility of the attacker issuing a session ID to the user’s browser, forcing it to use the chosen session ID. This type of attack is called a session fixation attack because an attacker fixes the user's session ID in advance, instead of generating it randomly at the time of login.

killwitch Option: D
Feb 28, 2025

D. Session fixation attack. Session fixation attack is a technique where an attacker forces a pre-determined session ID onto a victim. The goal is to trick the victim into using the attacker's session ID, allowing the attacker to hijack the session once the victim authenticates.

agastya_5272 Option: D
Mar 1, 2025

The correct answer is: D. Session fixation attack. A session fixation attack is a type of attack where an attacker fixes a session ID on a user's device, allowing the attacker to hijack the user's session. In this scenario:
1. Boney obtains a valid session ID by logging into a service.
2. He feeds the same session ID to the target employee using an MITM (Man-in-the-Middle) attack technique.
3. When the target employee clicks on the link, they are linked to Boney's account page without disclosing any information to the victim.
4. The sensitive payment details entered by the target employee are linked to Boney's account.
Option C: It's not any cyber attack.

nicejob Option: D
Feb 4, 2025

Session fixation: first the attacker gets the session ID from the victim, then waits until the victim has logged in; the attacker can get information because the session ID is the same.

Booict Option: D
Feb 27, 2025

D - In a session fixation attack, the attacker sets a user's session ID to a known value, then tricks the user into authenticating with that session ID. This allows the attacker to hijack the user's session and access sensitive information.

joiejijhfri Option: C
Apr 14, 2025

Boney is giving her session to the victim, so she is donating; therefore it's a session donation attack.

mulekule Option: D
Apr 15, 2025

Session Fixation Attack. In this scenario, Boney manipulates the session ID to trick the target employee into using a session that is already linked to Boney's account. By doing so, any sensitive information entered by the victim gets associated with Boney's account, allowing him to exploit the data for financial gain.

Cherubael Option: C
Apr 23, 2025

The attack described in the scenario is a Session donation attack. In this technique, the attacker provides their own valid session ID to the victim.

Cherubael Option: C
Apr 28, 2025

Session fixation usually happens before the victim logs in, whereas session donation happens after the attacker already logged in.
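
Added example (not part of the thread or the exam material): a toy server-side session table in Python that models the two definitions given in the comments above, an ID planted before the victim logs in versus an ID already logged in to the attacker's account, and shows which of the two is addressed by regenerating the session ID at login. The `SessionStore` class, its methods and the sample values are constructed for illustration.

```python
import secrets

class SessionStore:
    """Toy server-side session table, constructed for this example."""
    def __init__(self):
        self._sessions = {}  # session ID -> logged-in user, or None

    def issue(self):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None          # anonymous until login
        return sid

    def user_of(self, sid):
        return self._sessions.get(sid)      # None if unknown or anonymous

    def login(self, presented_sid, user, regenerate=True):
        """Log `user` in and return the session ID now bound to them."""
        # Drop the pre-login ID (if the server knows it at all).
        self._sessions.pop(presented_sid, None)
        # Mitigation: a fresh ID at login, so a planted ID never gets
        # promoted to an authenticated session.
        sid = self.issue() if regenerate else presented_sid
        self._sessions[sid] = user
        return sid

    def submit_form(self, sid, data):
        """Form data is filed under whichever account the ID maps to."""
        return self.user_of(sid), data


def fixation_outcome(regenerate):
    """ID is planted BEFORE the victim logs in; who owns it afterwards?"""
    store = SessionStore()
    planted = store.issue()                 # known to the attacker
    store.login(planted, "victim", regenerate=regenerate)
    return store.user_of(planted)


def donation_outcome():
    """ID is already logged in as the attacker when the victim gets it."""
    store = SessionStore()
    donated = store.login(store.issue(), "attacker")
    owner, _ = store.submit_form(donated, "card number (constructed)")
    return owner                            # victim never logs in


if __name__ == "__main__":
    print(fixation_outcome(regenerate=False))  # victim
    print(fixation_outcome(regenerate=True))   # None
    print(donation_outcome())                  # attacker
```

Regenerating the ID at login changes only the first outcome; in the second the victim never passes through login, so the form data is filed under the account that already owns the session.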