Which vulnerability category includes weak authentication and session management?


Multiple Choice

Which vulnerability category includes weak authentication and session management?

Explanation:
Weak authentication and session management refers to flaws in how a system verifies identity and handles user sessions: how credentials are stored and protected, and how session tokens are generated, issued, managed, and invalidated. When this area is weak, an attacker can impersonate users, hijack sessions, gain unauthorized access, or perform actions as someone else. Examples include weak password policies or insecure password storage (for example, unsalted or reversible hashes), lack of multi-factor authentication, predictable or non-expiring session IDs, session tokens exposed in URLs (where they leak through logs, browser history, and Referer headers), logout that does not invalidate the session server-side, and session fixation (accepting a session ID that was chosen before authentication).

This is the category that directly describes those issues. The other options describe different problems: cross-site scripting injects attacker-controlled script into pages viewed by other users, CSRF tricks a logged-in user's browser into submitting requests the user did not intend, and insecure direct object references expose objects by letting a client manipulate a reference (such as an ID in a URL) without an authorization check.

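The session-handling half of the explanation above is easiest to see in code. The following is an added example, not material from the exam-prep page: a small in-memory session store that shows a predictable session ID beside a CSPRNG-generated one, ID rotation at login to defeat session fixation, a sliding idle timeout, server-side invalidation on logout, and a cookie header that keeps the token out of URLs. The 15-minute idle timeout, the store layout, and every function name are assumptions made for this example.

```python
import secrets
import time

SESSION_TTL = 900  # idle timeout in seconds; assumed policy for this example


class SessionStore:
    """Server-side session store: the session ID is an opaque key into _sessions."""

    def __init__(self):
        self._sessions = {}  # sid -> {"user": str | None, "expires": float}

    @staticmethod
    def weak_session_id(user, login_counter):
        # WEAK: built from public data, so an attacker who knows the user name
        # and roughly how many logins have occurred can simply guess it.
        return f"{user}:{login_counter}"

    @staticmethod
    def strong_session_id():
        # 32 bytes from the OS CSPRNG, URL-safe base64 (43 characters, ~256 bits).
        return secrets.token_urlsafe(32)

    def start_anonymous(self, now=None):
        """Pre-authentication session (e.g. a shopping cart) with no user bound."""
        now = time.time() if now is None else now
        sid = self.strong_session_id()
        self._sessions[sid] = {"user": None, "expires": now + SESSION_TTL}
        return sid

    def login(self, presented_sid, user, now=None):
        """Bind a user to a session, rotating the ID so an attacker-chosen
        pre-auth ID (session fixation) never becomes an authenticated one."""
        now = time.time() if now is None else now
        self._sessions.pop(presented_sid, None)  # kill the old ID, known or not
        new_sid = self.strong_session_id()
        self._sessions[new_sid] = {"user": user, "expires": now + SESSION_TTL}
        return new_sid

    def user_for(self, sid, now=None):
        """Authenticated user for sid, or None if unknown, anonymous, or expired."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now >= entry["expires"]:
            del self._sessions[sid]  # expired: remove rather than keep indefinitely
            return None
        entry["expires"] = now + SESSION_TTL  # sliding idle timeout
        return entry["user"]

    def logout(self, sid):
        """Invalidate server-side; clearing the cookie in the browser is not enough."""
        return self._sessions.pop(sid, None) is not None


def session_cookie(sid):
    """Set-Cookie value that keeps the token out of URLs and out of script reach."""
    return f"session={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
```

The `now` parameters exist so the timeout logic can be exercised deterministically; a real deployment would drop them and use the clock directly. Note that `login` discards the presented ID even when the store has never seen it, which is exactly the case a fixation attack produces.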
