Discover how an on-path attack can compromise user accounts and force users to access an internal portal through unsecured HTTP instead of HTTPS. Learn to identify and prevent such attacks to maintain the security of your company’s sensitive data.
Question
A company’s user accounts have been compromised. Users are also reporting that the company’s internal portal is sometimes only accessible through HTTP; other times, it is accessible through HTTPS. Which of the following most likely describes the observed activity?
A. There is an issue with the SSL certificate causing port 443 to become unavailable for HTTPS access
B. An on-path attack is being performed by someone with internal access that forces users into port 80
C. The web server cannot handle an increasing amount of HTTPS requests so it forwards users to port 80
D. An error was caused by BGP due to new rules applied over the company’s internal routers
Answer
B. An on-path attack is being performed by someone with internal access that forces users into port 80
Explanation
An on-path attack, also known as a man-in-the-middle (MITM) attack, is the most likely explanation for the observed activity. In this scenario, an attacker with internal access intercepts the communication between users and the company’s internal portal. The attacker then manipulates the traffic, forcing users to access the portal through the unsecured HTTP protocol on port 80 instead of the encrypted HTTPS protocol on port 443.
This attack allows the attacker to view and potentially modify sensitive data transmitted between users and the portal. It also explains the intermittent nature of the issue, as the attacker may not always be actively intercepting the traffic, resulting in users sometimes being able to access the portal through HTTPS.
The other options are less likely:
A. An SSL certificate issue would consistently prevent HTTPS access, not intermittently.
C. A web server unable to handle HTTPS requests would not selectively forward users to HTTP.
D. BGP errors caused by internal router rules would not specifically target HTTPS traffic.
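The symptom described in the explanation, clients that normally reach the portal over HTTPS but are at times seen only on port 80, can be searched for in flow or proxy logs. The Python below is an added example, not part of the original question; the log format, host name, client addresses and the 5-second redirect threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow records (time, client, portal host, destination port).
SAMPLE_FLOWS = """\
2024-05-01T09:00:05 10.0.5.21 portal.corp.example 443
2024-05-01T09:02:11 10.0.5.22 portal.corp.example 443
2024-05-01T09:15:40 10.0.5.21 portal.corp.example 80
2024-05-01T09:16:02 10.0.5.22 portal.corp.example 80
2024-05-01T09:17:30 10.0.5.21 portal.corp.example 80
2024-05-01T09:40:12 10.0.5.21 portal.corp.example 443
2024-05-01T09:41:00 10.0.5.30 portal.corp.example 443
2024-05-01T09:50:00 10.0.5.30 portal.corp.example 80
2024-05-01T09:50:01 10.0.5.30 portal.corp.example 443
2024-05-01T09:55:00 10.0.5.22 portal.corp.example 443
"""
# Assumed threshold: port 80 followed this quickly by 443 is a normal redirect.
REDIRECT_GRACE = timedelta(seconds=5)

def parse_flows(text):
    rows = (line.split() for line in text.splitlines() if line.strip())
    return sorted((datetime.fromisoformat(t), c, h, int(p)) for t, c, h, p in rows)

def find_downgrades(flows):
    """Map client -> [(first_http, last_http)] spans that follow earlier HTTPS use."""
    last_port, open_span, spans = {}, {}, defaultdict(list)
    for ts, client, host, port in flows:
        key = (client, host)
        if port == 80 and key in open_span:
            open_span[key][1] = ts                  # still only seen on HTTP
        elif port == 80 and last_port.get(key) == 443:
            open_span[key] = [ts, ts]               # HTTPS user now seen on port 80
        elif port == 443 and key in open_span:
            start, end = open_span.pop(key)
            if ts - start > REDIRECT_GRACE:         # drop ordinary 80 -> 443 redirects
                spans[client].append((start, end))
        last_port[key] = port
    for (client, _), (start, end) in open_span.items():
        spans[client].append((start, end))          # still on HTTP at end of data
    return dict(spans)

def clients_downgraded_together(spans):
    """Clients whose downgrade span overlaps another client's in time."""
    flat = [(s, e, c) for c, ss in spans.items() for s, e in ss]
    return sorted({a[2] for a in flat for b in flat
                   if a[2] != b[2] and a[0] <= b[1] and b[0] <= a[1]})

if __name__ == "__main__":
    result = find_downgrades(parse_flows(SAMPLE_FLOWS))
    for client, windows in result.items():
        print(client, [(s.isoformat(), e.isoformat()) for s, e in windows])
    print("downgraded together:", clients_downgraded_together(result))
```

Several clients losing HTTPS in the same time window, then regaining it, fits the intermittent interception described above better than a certificate or server capacity fault would.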