<<< Previous question <<< Question ID#0503.md >>> Next question >>>
Which of the following statements best describes session fixation?
- A) An attacker forces an unsuspecting user to use a particular session. Once the user has authenticated the user can access the site with the user's elevated access level.
- B) An attacker embeds malicious JavaScript on a site which causes an unsuspecting authenticated user to perform a privileged action without their knowledge.
- C) An attacker embeds malicious JavaScript on a site which causes an unsuspecting authenticated user to transit sensitive information (such as session ID) to a third-party web site.
- D) An attacker discovers an unsuspecting authenticated user's session ID in order to access the site with the user's elevated access level.
Answer
Answer: A