OpenID existing risks - CISSP

0 votes
Everyone! I have a question that I cannot understand while I study for the CISSP.

The question to ask is:

What risk does letting the OpenID dependent party manage the connection to the OpenID provider introduce?

My response is:

The username and password of the client might be taken by the relying party.

I believe that in order for the relying party to obtain the user ID and password, the user ID and password must be sent to the OpenID provider. The actual response is:

By transmitting information to a phoney OpenID provider, it raises the chance of a phishing attack.

I don't see the distinction between phishing and password theft or why one would pick phishing.

Anyone able to offer me some advice? Thanks!
Apr 19, 2023 in Cyber Security & Ethical Hacking by anish
• 400 points

1 answer to this question.

0 votes
Both phishing and password theft are security risks associated with letting a third-party manage the connection to an OpenID provider. However, they are distinct threats with different mechanisms and implications.

Phishing is a social engineering attack where an attacker pretends to be a legitimate entity (such as an OpenID provider) to trick a user into disclosing sensitive information (such as login credentials). In the context of OpenID, a phishing attack may involve the relying party redirecting the user to a fake OpenID provider login page that looks like the real thing, but is actually controlled by the attacker. The user may then enter their OpenID credentials into the fake login page, which are then captured by the attacker.

On the other hand, password theft is a form of cyber attack where an attacker gains unauthorized access to stored passwords on a system or network. In the context of OpenID, a relying party that manages the connection to an OpenID provider could potentially store user credentials (such as username and password) on their system. If this information is not properly secured, it could be stolen by an attacker who gains access to the relying party's systems.

In summary, both phishing and password theft are risks associated with letting a third-party manage the connection to an OpenID provider. However, phishing is a social engineering attack that involves tricking users into revealing their credentials, while password theft is a technical attack that involves stealing stored credentials. It's important to be aware of both risks and take appropriate measures to mitigate them.
answered Apr 19, 2023 by Edureka
• 12,690 points
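
The fake-provider redirect described in the answer above can be caught by checking the login URL before any credentials are typed, the way a password manager matches a site. This is an added example, not part of the original question or answer; the trusted host `login.idp.example`, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the one provider host the user actually has an account with.
TRUSTED_PROVIDER_HOSTS = {"login.idp.example"}


def check_provider_url(url, trusted_hosts=TRUSTED_PROVIDER_HOSTS):
    """Return (ok, reason) for the login URL a relying party redirected to."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    # "https://trusted@evil/" shows the trusted name but connects to evil.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL hides the real host"
    if port not in (None, 443):
        return False, "unexpected port"
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    # Non-ASCII or punycode labels can render like the trusted name.
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalized host, possible lookalike"
    # Exact match only: a suffix or substring match would accept
    # "login.idp.example.evil.test".
    if host not in trusted_hosts:
        return False, "host is not a trusted provider"
    return True, "trusted provider"


# Constructed sample redirects, as a relying party might issue them.
SAMPLE_REDIRECTS = [
    "https://login.idp.example/auth?openid.mode=checkid_setup",
    "https://login.idp.example.evil.test/auth",
    "https://login.idp.example@evil.test/auth",
    "http://login.idp.example/auth",
    "https://login.id\u0440.example/auth",  # Cyrillic letter in place of "p"
]


def classify(urls):
    """Map each URL to its (ok, reason) verdict."""
    return {u: check_provider_url(u) for u in urls}


if __name__ == "__main__":
    for url, (ok, reason) in classify(SAMPLE_REDIRECTS).items():
        print("ALLOW" if ok else "BLOCK", reason, url.encode("ascii", "backslashreplace").decode())
```
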
