Authentication Attacks Flashcards
What is Spoofing
Software-based attack where the goal is to assume the identity of a user, process, or other unique identifier
What is MITM
Man in the Middle Attacks are where an attacker sits between two communicating hosts and transparently captures, monitors, and relays all communications between the two hosts
What is MITB
Man in the Browser attacks are when API calls between a browser and its DLLs are intercepted
What is an online Password Attack and what is the best way to prevent it from happening
An attack that involves guessing and entering passwords directly into a service, for example guessing a Facebook password.
The best way to prevent it is to restrict the number of failed logon attempts
What is Password Spraying
Brute force attack in which multiple user accounts are tested with a dictionary of common passwords
What is credential stuffing
Brute force attack in which stolen user account names and passwords are tested against multiple websites.
The success of these attacks can be limited by using unique passwords for each service
What is Broken Authentication AND how can it occur
Vulnerability where the authentication mechanism allows an attacker to gain entry.
Weak Password requirements and methods
Credential exposure: App exposes credentials or authentication token to MITM
Session hijacking - the session keys are guessed.