Question: Following is a simple password checker program. What is wrong with the following code? (i.e., What vulnerability exists in the code?). Explain how the exploit

Following is a simple password checker program. What is wrong with the following code? (i.e., What vulnerability exists in the code?). Explain how the exploit will work and what kind of inputs will allow the attacker to bypass the password check and gain root privileges.

#include

#include

int main(void)

{

char buff[15];

int pass = 0;

printf(" Enter the password : ");

gets(buff);

if(strcmp(buff, "uabblazersrock"))

{

printf (" Wrong Password ");

}

else

{

printf (" Correct Password ");

pass = 1;

}

if(pass)

{

/* Now Give root or admin rights to user*/

printf (" Root privileges given to the user ");

}

return 0;

}

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

Following is a simple password checker program. What is wrong with the following code? (i.e., What vulnerability exists in the code?). Explain how the exploit will work and what kind of inputs will...

Q:

Following is a simple password checker program. What is wrong with the following code? (i.e., What vulnerability exists in the code?). Explain how the exploit will work and what kind of inputs will...

Q:

Following is a simple password checker program. What is wrong with the following code? (i.e., What vulnerability exists in the code?). Explain how the exploit will work and what kind of inputs will...

Q:

Following is a simple password checker program. What is wrong with the following code? (i.e., What vulnerability exists in the code?). Explain how the exploit will work and what kind of inputs will...

Q:

A creative engineer suggests structuring the TLB so that not all the bits of the presented address need match to result in a hit. Suggest how this might be achieved, and what might be the costs and...

Q:

This question involves the use of AGGREGATE linear PYTHOIN regression on the Auto data set. (a) Perform a simple linear regression with mpg as the response and horsepower as the predictor. Describe...

Q:

Risk management in Information Security today Everyday information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which...

Q:

answer the question clearly You are building a flight-control system for which a convincing safety case must be made. Would you assign the tasks of safety requirements engineering, test case...

Q:

Homework Question - Prepare an analysis of a casefrom Chapter 5, page # 121, '' A Wolf In Sheeps Clothing '' (no more than 2 or 3 pages, double spaced). And give an answer on following: - A summary...

Q:

Compile and test your new version of Line class that you create and hand it in as Assignment 2. Update the documentation to reflect the changes you have made. A nice way to do this is to add a...

Q:

You buy an annuity that will pay you $24,000 annually for 25 years. The payments are paid on the first day of each year. What is the value of this annuity today if the discount rate is 8.5 percent?

Q:

74-2.1 The measurement is 11.500 A. Find the precision 00 00 The precision of the measurement is 0.001 A. The precision of the measurement is 0.0001 A. The precision of the measurement is 0.01 A. The...

Q:

Corporation X had outstanding 1 0 0 shares of voting common stock of which A and B each owned 5 0 shares. In order to bring C into the business with an equal stock interest, and pursuant to an...

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

3. Have you ever developed an analytics report for users from scratch? What BI tools, or tools and data sets, did you use? Can you talk more about how you worked with users to elicit the information...

Q:

2. In your experience with data analysis and business intelligence, did you ever work with tools that were not as user-friendly as they could have been? What would you have recommended to improve the...

Q:

Project management skills and/or experience desirable