Multiple Choice

Which vulnerability enables attackers to install malware or trick victims into disclosing passwords, often via unsafe redirects or forwards that bypass access controls?

Explanation:
Unvalidated Redirects and Forwards occur when a web application takes a destination from user-controllable input (a query parameter such as a "next" or "returnUrl" value, a form field, or a hidden parameter) and redirects or forwards the user there without checking that the destination is one the application intends to allow. For redirects, the attacker crafts a link whose visible host is the trusted site, so the victim (and many URL filters) see a legitimate domain, but the redirect parameter sends the browser on to an attacker-controlled page that serves malware or imitates the trusted site's login form to harvest passwords. For forwards, the risk is different: a server-side forward hands the request to another page or handler inside the same application, and if the access check ran only against the original URL, an attacker can name a privileged page (for example an admin function) in the forward parameter and reach it without ever passing that page's authorization check. The fix is to avoid user-supplied destinations where possible, or to validate them against an allow-list of internal paths or trusted hosts, and to re-apply authorization on the forwarded-to page rather than trusting the front controller's check. The other options describe different issues: tampering with cookies to alter a session, web-service vulnerabilities in general, or intercepting cookies in transit. None of those involve unsafe redirects or forwards, so they do not match this scenario.
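The following is an added example, not code from the original page or from the exam material it summarizes. It puts a vulnerable redirect target beside a hardened one, then does the same for a server-side forward. The host name `app.example.com`, the `next`-style parameter values, the page table and the admin flag are all constructed assumptions chosen to illustrate the point; the validation logic goes a little beyond the explanation above by also rejecting the protocol-relative (`//evil`), backslash, embedded-credential and control-character forms that naive "does it start with a slash" or "does it contain my host" checks let through.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed assumptions for the example (not from the original page).
TRUSTED_HOSTS = {"app.example.com"}   # hosts the app is willing to send users to
DEFAULT_TARGET = "/"                  # where to land when the requested target is rejected


def vulnerable_redirect_target(next_param: str) -> str:
    """Vulnerable: the client-supplied value is used as the Location header verbatim."""
    return next_param


def safe_redirect_target(next_param: str,
                         trusted_hosts=TRUSTED_HOSTS,
                         default=DEFAULT_TARGET) -> str:
    """Return a redirect target that is either a local path or an https URL on a trusted host.

    Anything else collapses to `default` rather than being "cleaned up", so an
    attacker gains nothing from finding a string the filter half-accepts.
    """
    if not next_param:
        return default
    # Whitespace and C0 control characters are stripped or ignored by some URL
    # parsers and browsers, which lets "\thttps://evil" slip past a prefix check.
    if any(c.isspace() or ord(c) < 0x20 for c in next_param):
        return default
    # Browsers treat "/\evil.example" like "//evil.example"; reject backslashes outright.
    if "\\" in next_param:
        return default

    parts = urlsplit(next_param)

    if not parts.scheme and not parts.netloc:
        # Relative target. urlsplit already moved "//host" into netloc, so a
        # path here that starts with a single "/" stays on our own origin.
        if parts.path.startswith("/"):
            return urlunsplit(("", "", parts.path, parts.query, parts.fragment))
        return default

    # Absolute target: only https and only an allow-listed host.
    if parts.scheme != "https":           # blocks javascript:, data:, http:, "//evil"
        return default
    host = parts.hostname                 # lower-cased, userinfo and port removed
    if host is None or host not in trusted_hosts:
        return default                    # catches app.example.com@evil and app.example.com.evil
    # Rebuild from validated components so userinfo or odd ports never reach the header.
    return urlunsplit(("https", host, parts.path or "/", parts.query, parts.fragment))


# ---- Forward half: access control must be re-applied on the forwarded-to page ----

# Constructed page table: path -> requires admin privileges.
PAGES = {"/home": False, "/admin/users": True}


def vulnerable_forward(target: str, is_admin: bool) -> str:
    """Vulnerable: the front controller checked the ORIGINAL URL (say /home),
    then trusts the 'fwd' parameter and dispatches to it with no second check."""
    return "served " + target if target in PAGES else "404"


def safe_forward(target: str, is_admin: bool) -> str:
    """Hardened: the forwarded-to page enforces its own authorization."""
    if target not in PAGES:
        return "404"
    if PAGES[target] and not is_admin:
        return "403"
    return "served " + target


if __name__ == "__main__":
    for candidate in ["/account?tab=security", "//evil.example/login",
                      "https://app.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
    print(vulnerable_forward("/admin/users", is_admin=False))   # served without a check
    print(safe_forward("/admin/users", is_admin=False))         # 403
```

The important design choice is that validation rebuilds the target from parsed components instead of searching the raw string: `"app.example.com" in url` would accept `https://app.example.com.evil.example` and `https://app.example.com@evil.example`, while `url.startswith("/")` would accept `//evil.example`. The forward half shows why "it never leaves our domain" is not a safe argument: the bypass there is of authorization, not of the origin.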
