Question: After gaining a full understanding of what the code does and with the details provided above, you are to track the vulnerability in the code.

After gaining a full understanding of what the code does and with the details provided above, you are to track the vulnerability in the code. You have to figure out what might be the possible flaws in the code that an attacker might take advantage of (you have to start thinking like a hacker!). Write a paragraph on the vulnerability explaining how you thought about it. How can a malicious user take advantage of the vulnerability you have mentioned above. Be very concise here as well. Be sure to mention your chain of thoughts while analyzing the code which led to the specific conclusion by you about the vulnerability.

import java.util.List;

import java.Util.*;

/*-This is a java code that performs a certain utility.

-To reduce code size some of the methods and souce codes to higher

classes/dependencies have been deleted.

-The afore deleted methods, which are used here are straight forward to

understand like makeLoginPage, makeUser etc....

*/ /***************************************************************************************************/

public class FOAuthenticate extends WeakCookie

{

protected Element createContent(WebSession s)

{

boolean logout = s.getParser().getBooleanParameter(LOGOUT, false);

if (logout)

{

s.setMessage("Goodbye!");

s.eatCookies();

return (makeLoginPage(s));

}

try

{

String username = "";

String password = "";

try

{

username = s.getParser().getRawParameter(USERNAME);

password = s.getParser().getRawParameter(PASSWORD);

// if credentials are bad, ask for login again

if (username.equals("") || !password.equals(""))

{

s.setMessage("Invalid username and password entered.");

return (makeLoginPage(s));

}

catch (Exception e)

{

if (username.length() > 0 && e.getMessage().indexOf("not found") != -1)

{

if ((username != null) && (username.length() > 0))

{

makeSuccess(s);

return (makeUser(s, username, "Welcome!!!!"));

} } }

if (password.length() == 0)

{

if (username.length() != 0)

{

s.setMessage("Invalid username and password entered.");

}

return (makeLoginPage(s));

}

if ((username != null) && (username.length() > 0) &&(password.length() >0) && (password!=null))

{

if (ValidateUserCredentials(username,password))

{

makeSuccess(s);

}

else {

return (makeUser(s, username,"You Haven't been Verified."));

} }

}

catch (Exception e)

{

s.setMessage("Error generating " + this.getClass().getName());

} return (makeLoginPage(s));

} }}

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock blur-text-image

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

C HAP TER 1 Culturally Intelligent Leadership Matters The rst time I taught cultural intelligence principles to a group of executives in Minnesota, I miscalculated the time and distance it would take...

Copyright 2007 by Kelley School of Business, Indiana University. For reprints, call HBS Publishing at (800) 545-7685. For the exclusive use of A. Alnajrani, 2016. BH 257 Business Horizons (2007) 50,...

ISLAND FARMS INC. INTRODUCTION Island Farms Inc. (IFI) is a large private company complying with the Accounting Standards for Private Enterprises (ASPE). The shareholder group is concentrated, with...

INTRODUCTION Bazar Stores Company Ltd (Bazar) is one of the largest food retailers in Ghana, employing over 2,500 staff in over 75 locations across the country. Bazar started its business operations...

Capability Map, Value Stream and ArchiMate Modelling (Enterprise Architecture) To create an enterprise architecture describing a service delivery business and IT systems, based on a background of an...

Use case CASE 1.9 ZZZZ Best Company, Inc. On May 19, 1987, a short article in the Wall Street Journal reported that ZZZZ Best Company, Inc., of Reseda, California, had signed a contract for a $13.8...

Introduction and learning objectives When you were learning about operational analysis earlier in the term, we talked about jobs that require multiple visits to the CPU (or servers) to receive their...

please answer attached file PERFORMANCE PLANNING Discuss, agree, mutually commit to and complete this template with the employee. Print out and sign to recognise agreement. Work executed (outputs,...

ZZZZ Best Company, Inc. ZZZZ Best Company, Inc. On May 19, 1987, a short article in the Wall Street Journal reported that ZZZZ Best Company, Inc., of Reseda, California, had signed a contract for a...

You are the assistant to the CEO of Shatin Enterprises, a wholesale distributor of consumer goods. You are assisting the CEO in the planning and budgeting process. At March 31 Shatin Enterprises...

You are bullish on company ABC and company XYZ. Suppose you have $2 million to invest. You consider four different investment strategies in the form of portfolios: Note that we assume the variances...

Bear Bank has the following assets and liabilities as of year-end. All assets and liabilities are currently priced at par and pay interest annually. Assets: Asset Type Amount Interest Rate 2-year...

Is job order costing is the costing method uses actual direct materials , actual direct labour, and actual manufacturing overhead costs to calculate the cost of a product

Question Can any type of stock or securities be used in an ESOP?

Question Can a self-employed person adopt a money purchase plan?

Question Can a participant in a qualified profit sharing plan use his profit sharing account to purchase insurance on the life of his spouse (or the joint lives of himself and his spouse)?