🔥 3-day streak
CompTIA PenTest+ (PT0-003)112 / 175
Question 112 of 175
During a web application assessment, a penetration tester notices that the application assigns a session identifier in the URL before login and continues to use that same identifier after the user authenticates. The tester sends a victim a crafted link containing a session ID the tester already knows, waits for the victim to log in, and then reuses the same session ID to access the victim's authenticated session. Which vulnerability did the tester exploit?
Reviewed for accuracy · Report an issueNext question