Certified Information Systems Security Professional (CISSP) — Question 78

A cloud service accepts Security Assertion Markup Language (SAML) assertions from users to exchange authentication and authorization data between security domains. However, an attacker was able to spoof a registered account on the network and query the SAML provider. What is the MOST common attack leveraged against this flaw?

Answer options

• A. Attacker leverages SAML assertion to register an account on the security domain.
• B. Attacker forges requests to authenticate as a different user.
• C. Attacker exchanges authentication and authorization data between security domains.
• D. Attacker conducts denial-of-service (DoS) against the security domain by authenticating as the same user repeatedly.

Correct answer: B

Explanation

The correct answer is B because attackers often forge authentication requests to assume the identity of another user, exploiting the SAML assertion. Option A is incorrect as it refers to account registration, which isn't the immediate concern here. Option C describes the legitimate function of SAML, not an attack. Option D pertains to a denial-of-service attack, which is not the primary exploitation method in this scenario.