Certified Ethical Hacker (CEH v12) — Question 36
Boney, a professional hacker, targets an organization for financial benefits. He performs an attack by sending his session ID using an MITM attack technique. Boney first obtains a valid session ID by logging into a service and later feeds the same session ID to the target employee. The session ID links the target employee to Boney’s account page without disclosing any information to the victim. When the target employee clicks on the link, all the sensitive payment details entered in a form are linked to Boney’s account.
What is the attack performed by Boney in the above scenario?
Answer options
- A. Forbidden attack
- B. CRIME attack
- C. Session donation attack
- D. Session fixation attack
Correct answer: C
Explanation
The correct answer is C, Session donation attack, because Boney successfully tricks the target employee into using his session ID, allowing him to access sensitive information. The other options, such as Forbidden attack, CRIME attack, and Session fixation attack, do not accurately describe the method used to exploit the session ID in this context.