Course Solutions Uncategorized (Solved) : Code Specify Data Exposed Line S Source Present Vulnerability Describe Would Fix Vulnerabl Q34414183 . . . .

(Solved) : Code Specify Data Exposed Line S Source Present Vulnerability Describe Would Fix Vulnerabl Q34414183 . . . .

June 27, 2024June 27, 2024| adminadmin| 0 Comment| 8:21 pm
Categories:

 

For each code specify:

What data is being exposed and how?

What line(s) in the source present the vulnerability?

Describe how you would fix the vulnerable code.

CWE615_Info_Exposure.c

#include “std_testcase.h”

#include
#pragma comment(lib, “advapi32.lib”)

#define PASSWORD “ABCD1234!”
#define USERNAME “XXXXX Smith!”

void CWE615_Info_Exposure_bad()
{
int j;
for(j = 0; j < 1; j++)
{
{
size_t passwordLen = 0;
HANDLE hUser;
char * domain = “Domain”;
/* Use the password in LogonUser() to establish that it is”sensitive” */
if (LogonUserA(
USERNAME,
domain,
PASSWORD,
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser) != 0)
{
/* Logged in XXXXX Smith using password ABCD1234 */
printLine(“User logged in successfully” );
CloseHandle(hUser);
}
else
{
printLine(“Unable to login.”);
}
}
}
}

int main(int argc, char * argv[])
{
/* seed randomness */
srand( (unsigned)time(NULL) );
#ifndef OMITGOOD
printLine(“Calling good()…”);
CWE615_Info_Exposure_good();
printLine(“Finished good()”);
#endif /* OMITGOOD */
#ifndef OMITBAD
printLine(“Calling bad()…”);
CWE615_Info_Exposure_bad();
printLine(“Finished bad()”);
#endif /* OMITBAD */
return 0;
}

CWE535_Info_Exposure_Shell.c

#include “std_testcase.h”

#include

#include
#pragma

OR

PayPal Gateway not configured

OR

PayPal Gateway not configured

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post