OpenID existing risks -CISSP

0 votes
everyone! I have a question that I cannot understand while I study for the CISSP.

The question to ask is:

What risk does letting the OpenlD dependent party manage the connection to the OpenlD provider introduce?

My response is:

The usename and password of the client might be taken by the relying party.

I believe that in order for the relying party to obtain the user ID and password, the user ID and password must be sent to the openID provider. The actual response is:

By transmitting information to a phoney OpenlD provider, it raises the chance of a phishing attack.

I don't see the distinction between phishing and password theft or why one would pick phishing.

Anyone able to offer me some advice? Thanks!
Apr 19, 2023 in Cyber Security & Ethical Hacking by anish
• 400 points
394 views

1 answer to this question.

0 votes
Both phishing and password theft are security risks associated with letting a third-party manage the connection to an OpenID provider. However, they are distinct threats with different mechanisms and implications.

Phishing is a social engineering attack where an attacker pretends to be a legitimate entity (such as an OpenID provider) to trick a user into disclosing sensitive information (such as login credentials). In the context of OpenID, a phishing attack may involve the relying party redirecting the user to a fake OpenID provider login page that looks like the real thing, but is actually controlled by the attacker. The user may then enter their OpenID credentials into the fake login page, which are then captured by the attacker.

On the other hand, password theft is a form of cyber attack where an attacker gains unauthorized access to stored passwords on a system or network. In the context of OpenID, a relying party that manages the connection to an OpenID provider could potentially store user credentials (such as username and password) on their system. If this information is not properly secured, it could be stolen by an attacker who gains access to the relying party's systems.

In summary, both phishing and password theft are risks associated with letting a third-party manage the connection to an OpenID provider. However, phishing is a social engineering attack that involves tricking users into revealing their credentials, while password theft is a technical attack that involves stealing stored credentials. It's important to be aware of both risks and take appropriate measures to mitigate them.
answered Apr 19, 2023 by Edureka
• 12,690 points

Related Questions In Cyber Security & Ethical Hacking

0 votes
0 answers

How worth it is the CISSP?

How worth it is the CISSP? READ MORE

Oct 14 in Cyber Security & Ethical Hacking by Anupam
• 2,710 points
39 views
0 votes
1 answer

How worth it is the CISSP?

I passed through the process of achieving ...READ MORE

answered Oct 25 in Cyber Security & Ethical Hacking by CaLLmeDaDDY
• 1,400 points
32 views
+4 votes
0 answers

What is the best way to pass CISSP Exam In first attempt?

Is CISSP Certification Worth. And What is ...READ MORE

Jun 25, 2019 in Others by Eric
• 320 points
1,179 views
+3 votes
2 answers
+1 vote
2 answers
0 votes
1 answer

Adding Keypair to existing EC2 instance

No you can't. The reason is KeyPair ...READ MORE

answered Apr 8, 2018 in AWS by code_ninja
• 6,300 points
1,321 views
0 votes
1 answer

Upgrading or Updating existing version of Selenium Java Project

I downloaded the java client driver from ...READ MORE

answered Apr 13, 2018 in Selenium by commander
2,306 views
0 votes
2 answers
0 votes
1 answer

How to get the already existing channels in Hyperledger v1.0?

You cannot see all available channels,  but you ...READ MORE

answered Jun 4, 2018 in Blockchain by Perry
• 17,100 points
2,486 views
0 votes
1 answer

How to add an App Settings to existing Azure Web Application using Azure Power Shell?

The example is for slot-specific settings, if ...READ MORE

answered Jun 13, 2018 in Azure by club_seesharp
• 3,450 points
1,418 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP