Why do you think this is possible?

Annie has just succeeded in stealing a secure cookie via an XSS attack. She is able to replay the cookie even while the session is valid on the server. Why do you think this is possible?

A. It works because encryption is performed at the application layer (single encryption key)

B. It works because encryption is performed at the network layer (layer 1 encryption)

C. Any cookie can be replayed irrespective of the session status

D. The scenario is invalid as a secure cookie cannot be replayed

Explanation:
Single key encryption (conventional cryptography) uses a single word or phrase as the key. The same key is used by the sender to encrypt and the receiver to decrypt. Sender and receiver initially need to have a secure way of passing the key from one to the other. With TLS or SSL this would not be possible.




Catalin

A is the correct answer