During a penetration test, an analyst examines the traffic between a client workstation and an internal web server. The analyst notices that while the initial connection attempts to use HTTPS, it is being downgraded to unencrypted HTTP. This allows the analyst to capture login credentials in cleartext. Which of the following attacks BEST describes this situation?
This scenario accurately describes an on-path attack, formerly known as a Man-in-the-Middle (MITM) attack. A common technique used in on-path attacks is SSL stripping, where the attacker intercepts the TLS handshake and forces the connection to downgrade to unencrypted HTTP, allowing them to read and manipulate the traffic. A Denial-of-Service (DoS) attack aims to make a service unavailable, which is not the primary goal here. A replay attack involves capturing and re-transmitting valid data, which is different from downgrading an encrypted connection. A brute-force attack is a method of trying many passwords to gain access, not intercepting traffic.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SSL stripping?
Open an interactive chat with Bash
How does an on-path attack differ from a replay attack?
Open an interactive chat with Bash
Why are TLS handshakes important for HTTPS connections?