Checking user permissions

Your company is building an application for a customer. You need to write a function to check whether the system user is an administrator with super powers.

Please take the next step and identify the vulnerability.

After a quick review, your boss has identified a vulnerability in the code that creates a risk for your company, and has asked you to remediate the error.

 1  #include <stdio.h>
 2  #include <string.h>
 3
 4  int VerifyAdmin(char *password) {
 5  	if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
 6  		printf("Wrong password!\n");
 7  		return(0);
 8  	}
 9  	printf("System locked.\n");
10  	return(1);
11  }

Use the DEVELOPER SURVEY link below to answer the challenge. (Please note that you will be redirected to jotform.com.)

The vulnerability is on line five (5). The developer left a hardcoded credential (68af404b513073584c4b6f22b6c63e6b) in the code.

 1  #include <stdio.h>
 2  #include <string.h>
 3
 4  int VerifyAdmin(char *password) {
 5  	if (strcmp(password, "68af404b513073584c4b6f22b6c63e6b")) {
 6  		printf("Wrong password!\n");
 7  		return(0);
 8  	}
 9  	printf("System locked.\n");
10  	return(1);
11  }

It looks obvious, but believe it or not, this is a very common vulnerability. Never ever store credentials in the code.
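One way to remediate line 5, shown as an added example that is not part of the original challenge: the expected value is read from the environment at run time, so nothing secret is compiled into the binary or committed to source control. The variable name APP_ADMIN_SECRET and the helper secret_matches are hypothetical, and the constant-time comparison goes beyond the fix the challenge asks for.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical variable name (not from the page): the deployment is
 * assumed to inject the secret at run time, e.g. from a secret manager. */
#define ADMIN_SECRET_ENV "APP_ADMIN_SECRET"

/* Compare without an early exit so timing does not reveal how many
 * leading bytes matched. Fails closed on missing or empty input. */
static int secret_matches(const char *password, const char *expected) {
    if (password == NULL || expected == NULL || expected[0] == '\0')
        return 0;
    size_t len = strlen(expected);
    if (strlen(password) != len)
        return 0;
    unsigned char diff = 0;
    for (size_t i = 0; i < len; i++)
        diff |= (unsigned char)password[i] ^ (unsigned char)expected[i];
    return diff == 0;
}

/* Same contract as the page's VerifyAdmin (1 = admin, 0 = rejected),
 * but the expected value comes from the environment, not the source. */
int VerifyAdmin(const char *password) {
    if (!secret_matches(password, getenv(ADMIN_SECRET_ENV))) {
        printf("Wrong password!\n");
        return 0;
    }
    return 1;
}

int main(void) {
    char input[128];
    /* Read the candidate from stdin rather than argv, which other
     * local users can see in the process list. */
    if (fgets(input, sizeof input, stdin) == NULL)
        return 2;
    input[strcspn(input, "\r\n")] = '\0';
    return VerifyAdmin(input) ? 0 : 1;
}
```

If the variable is not provisioned, every attempt is rejected, so a misconfigured deployment cannot fall back to a known default.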
