Question

A network administrator is implementing a token system in which a hardware device is used to store a password. The password is unknown to the user and transmitted to the system for authentication. If implementing to which of the following attacks is this token type vulnerable?
A) Replay
B) Smurf
C) Collision
D) Privilege escalation

Answer 1

Answer:

D) Privilege escalation

Explanation:

Privilege escalation:  This is when an intruder gain access to a lower level user account and uses it to gain further access to resources that are normally protected from the lower level users. this mostly achieved by exploiting vulnerabilities like a bug, configurations or design flaws in a lower level user account to gain further or elevated access to the site administrator.

Below  are some of the common privilege escalation techniques that intruders use in gaining access to user account, they include:

i) Using valid accounts

ii)  Manipulating access tokens

iii) Bypassing user account control

An intruders goal in a privilege escalation attack is to gain high-level privileges so as to be able to access importance administrative data without being noticed.

Answer 2

Answer:

D) Privilege escalation

Explanation:

Privilege escalation is a situation whereby an attacker exploits a privilege escalation vulnerability in a target system which then allows to override the user account.

A token system is usually vulnerable to privilege escalation attacks. The hacker usually acts as a middle man between the original user and the system. The hacker solicits for the token output from the legitimate user which he then supplies to the system for authentication to gain entrance.