Register
A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance.
124k views
2 votes
A video-game developer has received reports of players who are cheating. All game players each have five capabilities that are ranked on a scale of 1 to 10 points, with 10 total points available for balance. Players can move these points between capabilities at any time. The programming logic is as follows:

✑ A player asks to move points from one capability to another.
✑ The source capability must have enough points to allow the move.
✑ The destination capability must not exceed 10 after the move.
✑ The move from source capability to destination capability is then completed.

The time stamps of the game logs show each step of the transfer process takes about 900ms. However, the time stamps of the cheating players show capability transfers at the exact same time. The cheating players have 10 points in multiple capabilities.

Which of the following is MOST likely being exploited to allow these capability transfers?

A. TOC/TOU
B. CSRF
C. Memory leak
D. XSS
E. SQL injection
F. Integer overflow

User Twomz
by
7.6k points

1 Answer

7 votes

Final answer:

a.(TOC/TOU)

The cheating players are exploiting a Time of Check to Time of Use (TOC/TOU) vulnerability in the game, which allows them to make capability transfers at the same time and thus have 10 points in multiple capabilities despite the overall point limit.

Step-by-step explanation:

The scenario described suggests that the cheating players are likely exploiting a Time of Check to Time of Use (TOC/TOU) vulnerability.

This occurs when a system checks the state of a resource (e.g., capability points) at one time, but then acts on that resource at a later time, allowing the state of the resource to be altered in between the check and the use.

This vulnerability allows players to perform capability transfers simultaneously, bypassing the intended 900ms delay, essentially duplicating the points before the game can update each capability's points.

In doing so, they end up with 10 points in multiple capabilities, which is against the rules of the game that allow a total of only 10 points to be distributed among all capabilities.

The cheating players are exploiting a Time of Check to Time of Use (TOC/TOU) vulnerability in the game, which allows them to make capability transfers at the same time and thus have 10 points in multiple capabilities despite the overall point limit.

User Kimbaudi
by
7.5k points
Ask a Question
Welcome to QAmmunity.org, where you can ask questions and receive answers from other members of our community.

8.8m questions

11.4m answers

Other Questions

“What does it mean when we “rework” copyrighted material?”
The book shows how to add and subtract binary and decimal numbers. However, other numbering systems are also very popular when dealing with computers. The octal (base 8) numbering system is one of these.
Seven basic internal components found in a computer tower
Please help me ! All you do is just put it it all in your own words ! Please this is for my reported card!i don't know how to put it in my own words because my English is not that good!
describe an advance in technology that makes life more enjoyable. what discoveries contribute to this technology?
Link Copied!