A network administrator is implementing a token system in which a hardware device is used to store a password. The password is u
nknown to the user and transmitted to the system for authentication. If implementing to which of the following attacks is this token type vulnerable? A) Replay
B) Smurf
C) Collision
D) Privilege escalation
<u><em>Privilege escalation:</em></u> This is when an intruder gain access to a lower level user account and uses it to gain further access to resources that are normally protected from the lower level users. this mostly achieved by exploiting vulnerabilities like a bug, configurations or design flaws in a lower level user account to gain further or elevated access to the site administrator.
Below are some of the common privilege escalation techniques that intruders use in gaining access to user account, they include:
i) Using valid accounts
ii) Manipulating access tokens
iii) Bypassing user account control
An intruders goal in a privilege escalation attack is to gain high-level privileges so as to be able to access importance administrative data without being noticed.
Privilege escalation is a situation whereby an attacker exploits a privilege escalation vulnerability in a target system which then allows to override the user account.
A token system is usually vulnerable to privilege escalation attacks. The hacker usually acts as a middle man between the original user and the system. The hacker solicits for the token output from the legitimate user which he then supplies to the system for authentication to gain entrance.
variables when declared static gets called statically meaning whenever a function call is made it get stored and it is not required to get the variable again when the function is again called. There scope is beyond the function block
