Register
Given the code snippet below: #include #include int main(void) { char username[8]; printf(Enter your username: ); gets(username) printf(n) if (username == NULL) {printf(you did not enter a username\\);
10.6k views
3 votes
Given the code snippet below:

#include
#include
int main(void) {
char username[8];
printf(Enter your username: );
gets(username)
printf(n)
if (username == NULL) {printf(you did not enter a username\\); }
it strcmp(username, admin) { printf(%s, Admin user, enter your physical token value: ); // rest of conditional logic here has been snipped for brevity } else { printf(Standard user, enter your password: ); // rest of conditional logic here has been snipped for brevity }}

Which of the following vulnerability types in the MOST concerning?

A. Only short usernames are supported, which could result in brute forcing of credentials.
B. Buffer overflow in the username parameter could lead to a memory corruption vulnerability.
C. Hardcoded usernames with different code paths taken depend on which user is entered.
D. Format string vulnerability is present for admin users but not for standard users.

User SamYan
by
7.8k points

1 Answer

3 votes

Final answer:

The vulnerability type in the code snippet that is most concerning is buffer overflow in the username parameter which could lead to a memory corruption vulnerability. Option B is correct..

Step-by-step explanation:

The vulnerability type in the code snippet that is most concerning is B. Buffer overflow in the username parameter could lead to a memory corruption vulnerability. A buffer overflow occurs when the amount of data written to a buffer exceeds its capacity, potentially overwriting adjacent memory and causing unexpected behavior or a crash. In this code, the username array has a capacity of 8 characters, but no bounds checking is performed on the input, allowing for an attacker to write more than 8 characters and potentially corrupt memory

For example, if an attacker enters a username longer than 8 characters, they can overflow the username buffer and overwrite adjacent memory, potentially gaining unauthorized access or causing the program to crash.By exploiting this vulnerability, an attacker could execute arbitrary code, gain unauthorized access to sensitive data, or cause the program to crash, leading to a denial of service.

User LampShadesDrifter
by
7.4k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.9m questions

11.6m answers

Other Questions

Seven basic internal components found in a computer tower
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Disadvantages of using animation in advertising? advantages and disadvantages of using animation for education? advantages and disadvantages of using animation in entertainment?
Explain why binary codes are used to represent characters, numbers and symbols :)
Link Copied!