Certified Ethical Hacker (CEH v11) — Question 339

Calvin, a grey-hat hacker, targets a web application that has design flaws in its authentication mechanism. He enumerates usernames from the login form of the web application, which requests users to feed data and specifies the incorrect field in case of invalid credentials. Later, Calvin uses this information to perform social engineering.
Which of the following design flaws in the authentication mechanism is exploited by Calvin?

Answer options

• A. Password reset mechanism
• B. Insecure transmission of credentials
• C. User impersonation
• D. Verbose failure messages

Correct answer: D

Explanation

The correct answer is D, as verbose failure messages provide specific feedback about incorrect inputs, which can be exploited by attackers like Calvin to gather information about valid usernames. Options A, B, and C do not directly relate to the exploitation of the authentication mechanism through detailed error messages, making them incorrect in this context.