What is the name of the tactic where the attacker fixes a session by injecting a session ID into the victim's browser?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Explanation:
This tactic is known as session fixation. The attacker fixes a session by injecting or delivering a specific session identifier into the victim’s browser before the user logs in, for example by providing a link that carries a chosen session ID in the URL or by causing the browser to accept a pre-set cookie. When the user then authenticates, the server keeps using that same session ID, so the attacker can hijack the authenticated session simply by presenting the ID they planted. This is why it is critical to regenerate the session ID after login and to bind the session to the authenticated user, and to set cookies with the Secure and HttpOnly flags while avoiding URL-based session IDs.
