Authentication Attacks Flashcards

1
Q

What is spoofing?

A

Software-based attack where the goal is to assume the identity of a user, process, or other unique identifier.

2
Q

What is MITM?

A

Man-in-the-middle attacks are where an attacker sits between two communicating hosts and transparently captures, monitors, and relays all communications between the two hosts.

3
Q

What is MITB?

A

Man-in-the-browser attacks are when API calls between a browser and its DLLs are intercepted.

4
Q

What is an online password attack, and what is the best way to prevent it from happening?

A

An attack that involves guessing and entering passwords directly into a service, for example guessing a Facebook password.

The best way to prevent it is by restricting the number of failed logon attempts.

5
Q

What is password spraying?

A

Brute-force attack in which multiple user accounts are tested with a dictionary of common passwords.

6
Q

What is credential stuffing?

A

Brute-force attack in which stolen user account names and passwords are tested against multiple websites.

The success of these attacks can be limited by using unique passwords for each service.

7
Q

What is broken authentication, and how can it occur?

A

Vulnerability where the authentication mechanism allows an attacker to gain entry.

It can occur through:
Weak password requirements and methods.
Credential exposure: the app exposes credentials or an authentication token to a MITM.
Session hijacking: the session keys are guessed.
