🔥 3-day streak
CompTIA PenTest+ (PT0-003)91 / 175
Question 91 of 175

During a web application assessment, a tester examines an OAuth 2.0 authorization code flow. The authorization server validates the redirect_uri parameter using only a prefix match (it checks that the value begins with https://app.example.com). The tester notices the client application also hosts an open redirect at https://app.example.com/go?url=. Which attack does this combination most directly enable?

Reviewed for accuracy · Report an issueNext question