During an external penetration test you discover a short-lived session token for an administrative account embedded in a public Git repository. Which of the following best explains why this finding is considered high severity?
Short-lived tokens are encrypted in transit and cannot be reused even if intercepted, so the impact is negligible.
An attacker who obtains the token before it expires can perform privileged actions without needing to provide credentials.
Modern browsers automatically detect and invalidate leaked session tokens, so actual exploitation is unlikely.
Because the token expires quickly, defenders will not be able to recover forensic evidence, making incident response impossible.
A session token functions as proof of an already authenticated and authorized session. If an attacker retrieves a valid token before it expires, the attacker can impersonate the user and carry out any actions the account is permitted to perform, bypassing password and MFA checks until the token is revoked or times out. Tokens are not automatically invalidated by browsers, nor are they inherently encrypted against reuse, so exposure presents an immediate threat. Rapid expiration also does not prevent exploitation, because many critical actions can be executed in seconds.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are ephemeral items in the context of cybersecurity?
Open an interactive chat with Bash
How can attackers locate ephemeral items during enumeration?
Open an interactive chat with Bash
What best practices can prevent the misuse of ephemeral items?