Why do you think this is possible?

Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the
cookie even while the session is invalid on the server. Why do you think this is possible?

Annie has just succeeded in stealing a secure cookie via a XSS attack. She is able to replay the
cookie even while the session is invalid on the server. Why do you think this is possible?

A.
It works because encryption is performed at the application layer (single encryption key)

B.
The scenario is invalid as a secure cookie cannot be replayed

C.
It works because encryption is performed at the network layer (layer 1 encryption)

D.
Any cookie can be replayed irrespective of the session status



Leave a Reply 0

Your email address will not be published. Required fields are marked *