A security administrator is investigating many recent incidents of credential theft for users accessing the company’s website, despite the hosting web server requiring HTTPS for access. The server’s logs show the website leverages the HTTP POST method for carrying user authentication details.
Which of the following is the MOST likely reason for compromise?
A. The HTTP POST method is not protected by HTTPS.
B. The web server is running a vulnerable SSL configuration.
C. The HTTP response is susceptible to sniffing.
D. The company doesn’t support DNSSEC.