What Software design flaw?

A hacker was able to easily gain access to a website. He was able to log in via the frontend user login form of the website using default or commonly used credentials. This exploitation is an example of what Software design flaw?
A. Insufficient security management
B. Insufficient database hardening
C. Insufficient input validation
D. Insufficient exception handling

EC-Council Certified Ethical Hacker v11


13 thoughts on “What Software design flaw?”

  1. Software design flaw — I think B is OK, because the attacker can use a default password or a common password to successfully log in, which means it does not force a password change or it allows weak passwords. So it's a design flaw which should be fixed by implementing a strict password policy.

  2. The answer will be insufficient input validation because here no specific method is used to validate the attempt.

  3. Insufficient input validation, because the hacker is trying to gain access from the front end and input validation is not taken care of properly, due to which the hacker is able to gain access.

  4. Again, this is a stupid question. There is no mention of a database, so the attacker can use default credentials on other authentication servers such as Basic authentication, Digest authentication, and so on; not all authentication credentials are required to be stored in a database.

    So, in this case, the best answer depends on the real scenario, and answer A is a generally correct answer.

  5. Could be A or B. It's not A because security management is not a software design flaw, it's a security management flaw.

  6. A. Insufficient security management
    “Default or commonly used credentials” are the ones provided by the vendors of hardware or software to perform the initial setup; then they are supposed to be changed (user and password, or just the password) or deleted (if possible) to avoid abuses (as the hacker did). It's a matter of security to perform that action.

    1. I agree with B. If he is inputting a correct user ID and password, validating user credentials will not help. He is not trying to use any database programming language. Whoever did the database configuration did not properly go through the steps of hardening the database to ensure there were no trap doors or default credentials left to log in with.

    1. No, it is not C. Default credentials pass input validation. If you've got an admin:admin user:pass, then input validation will not help you. It is B. (Or it could be something like misconfiguration / default credentials.)
