CompTIA PenTest+ (PT0-003) — Question 103
A penetration tester is performing an assessment focused on attacking the authentication identity provider hosted within a cloud provider. During the reconnaissance phase, the tester finds that the system is using OpenID Connect with OAuth and has dynamic registration enabled. Which of the following attacks should the tester try first?
Answer options
- A. A password-spraying attack against the authentication system
- B. A brute-force attack against the authentication system
- C. A replay attack against the authentication flow in the system
- D. A mask attack against the authentication system
Correct answer: C
Explanation
The correct answer is C, as a replay attack can exploit the dynamic registration feature by capturing and reusing tokens. Options A and B may require valid credentials, which are less likely to be obtained in a system with dynamic registration. Option D, a mask attack, is not directly relevant to the vulnerabilities associated with OpenID Connect and OAuth.