Certified Ethical Hacker (CEH v13) — Question 218

Calvin, a grey-hat hacker, targets a web application whose authentication mechanism has design flaws. He enumerates valid usernames from the login form: the form prompts users for their credentials and, when a login fails, reports which field (username or password) was incorrect. Calvin later uses the harvested usernames in a social engineering attack.
Which design flaw in the authentication mechanism is Calvin exploiting?

Answer options

Correct answer: D

Explanation

The correct answer is D: verbose failure messages. A login form that answers "unknown username" and "incorrect password" with different responses lets an attacker test a wordlist of candidate names against the form and keep every name that did not produce the "unknown username" response. The resulting list of valid accounts is exactly what Calvin feeds into his social engineering. The other options do not describe the information leak from the login form that Calvin relies on. The standard fix is a single generic failure message ("Invalid username or password") for every failed attempt; the same discipline applies to password-reset and registration forms, which commonly leak the same fact through a different message.
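The following Python example, added here and not part of the exam question, shows the flaw and its fix side by side: a login handler that reports which field was wrong, a hardened handler that returns one message and does the same amount of work for unknown and known users, and the attacker-side routine that enumerates valid accounts by comparing each candidate's response to the response for a name that is certainly not registered. The user store, salt, passwords and candidate names are constructed for the demonstration; the iteration count is kept low so the example runs quickly.

```python
"""Username enumeration through verbose login errors, vulnerable vs hardened.

Constructed example, not code from the exam page. The accounts and salt below
are made up; real code uses a per-user random salt and a higher PBKDF2 count.
"""
import hashlib
import hmac
import os

_SALT = b"demo-salt-not-for-production"  # constructed
_ITERATIONS = 20_000                        # kept low for a fast demo


def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, _ITERATIONS)


USERS = {  # constructed sample user store: username -> password hash
    "alice": _hash("Winter2024!"),
    "bob": _hash("hunter2"),
}

# Hash compared against when the username does not exist, so the hardened
# handler spends the same time on unknown and known users (no timing oracle).
_DUMMY_HASH = _hash("placeholder-value")


def login_verbose(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable handler: the message reveals whether the username exists."""
    stored = USERS.get(username)
    if stored is None:
        return (False, "Unknown username")
    if not hmac.compare_digest(stored, _hash(password)):
        return (False, "Incorrect password")
    return (True, "Welcome")


def login_generic(username: str, password: str) -> tuple[bool, str]:
    """Hardened handler: one failure message, constant work for every failure."""
    stored = USERS.get(username, _DUMMY_HASH)
    # compare_digest runs first in both branches; the membership check keeps a
    # guess of the dummy password from logging in as a non-existent user.
    ok = hmac.compare_digest(stored, _hash(password)) and username in USERS
    if not ok:
        return (False, "Invalid username or password")
    return (True, "Welcome")


def enumerate_usernames(login, candidates, probe_password: str = "not-it") -> set:
    """Attacker's view of a login handler.

    First learns the response for a name that is almost certainly not
    registered, then flags every candidate whose response differs from it.
    Against a handler with a single generic message this returns nothing.
    """
    _, baseline_msg = login(os.urandom(8).hex(), probe_password)
    valid = set()
    for name in candidates:
        ok, msg = login(name, probe_password)
        if ok or msg != baseline_msg:
            valid.add(name)
    return valid


if __name__ == "__main__":
    wordlist = ["alice", "carol", "bob", "dave"]  # constructed candidate names
    print("verbose :", enumerate_usernames(login_verbose, wordlist))
    print("generic :", enumerate_usernames(login_generic, wordlist))
```

The generic message alone is not sufficient: if the handler skips the password hash for unknown users, response time still distinguishes the two cases, which is why the hardened version hashes against a dummy value on the miss path. A practitioner testing a real form compares status codes, body length and timing across the two cases as well as the visible text.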