Your company is building an application for a customer. You need to write a function to check whether the system user is an administrator with super powers.
Please take the next step and identify the vulnerability.
After a quick review, your boss has identified a vulnerability in the code that creates a risk for your company, and has asked you to remediate the error.
 1  #include <stdio.h>
 2  #include <string.h>
 3
 4  int VerifyAdmin(char *password) {
 5      if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
 6          printf("Wrong password!\n");
 7          return 0;
 8      }
 9      printf("System locked.\n");
10      return 1;
11  }
The vulnerability is on line five (5). The developer left a hardcoded credential (68af404b513073584c4b6f22b6c63e6b) in the code, so anyone who can read the binary or the source has the administrator password.
 1  #include <stdio.h>
 2  #include <string.h>
 3
 4  int VerifyAdmin(char *password) {
 5      if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
 6          printf("Wrong password!\n");
 7          return 0;
 8      }
 9      printf("System locked.\n");
10      return 1;
11  }
It looks obvious but, believe it or not, this is a very common vulnerability. Never store credentials in the code: load them from outside the binary at run time, and compare them in constant time so a timing difference does not reveal how much of a guess was correct.
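A remediated version of the function, written here as an added example rather than the challenge's own answer: the expected value is read from an environment variable named ADMIN_SECRET (an assumed name; a secrets manager or a permission-restricted config file would serve the same role), the check fails closed when nothing is configured, and the comparison runs in constant time. It keeps the page's model of comparing a supplied token against a stored one; in a real system the stored value would be a password hash from a proper KDF and the input would be hashed before comparison.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constant-time comparison of two buffers of length n: the loop always
   runs to the end, so timing does not reveal where the first mismatch is. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
    }
    return diff == 0;
}

/* The expected credential lives outside the binary. Here it is read from
   the ADMIN_SECRET environment variable (an assumed name for this example). */
const char *LoadAdminSecret(void) {
    const char *s = getenv("ADMIN_SECRET");
    return (s != NULL && s[0] != '\0') ? s : NULL;
}

/* Returns 1 only when a secret is configured and the supplied value matches it.
   Fails closed: with no configured secret, nobody is an administrator. */
int VerifyAdmin(const char *supplied, const char *expected) {
    if (supplied == NULL || expected == NULL) {
        return 0;
    }
    size_t n = strlen(expected);
    if (strlen(supplied) != n) {
        return 0;   /* different lengths can never match */
    }
    return ct_equal(supplied, expected, n);
}

int main(int argc, char **argv) {
    const char *expected = LoadAdminSecret();
    const char *supplied = (argc > 1) ? argv[1] : "";
    if (VerifyAdmin(supplied, expected)) {
        printf("Administrator verified.\n");
        return 0;
    }
    printf("Wrong password!\n");
    return 1;
}
```

Run it as `ADMIN_SECRET='constructed-secret-value' ./verify constructed-secret-value`; with the variable unset every input is rejected.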