#include #include #include int check_authentication(char *password) { int auth_flag=0: c

[answerhappygod]

Include Stdio H Include Stdlib H Include String H Int Check Authentication Char Password Int Auth Flag 0 C 1 (42.4 KiB) Viewed 48 times

#include <stdio.h> #include <stdlib.h> #include <string.h> int check_authentication(char *password) { int auth_flag=0: char *password buffer: char *dept; password_buffer = (char *) malloc (16): dept = (char *) malloc(10): strcpy(password_buffer, password); if(strcmp(password_buffer, "AsiaPacificInst") ==0){ printf("Your Department:"); gets(dept); printf("\nUser from Department: 'n"); printf(dept); if(strcmp(dept,"NSF")==0) { auth_flag = 1; } } else if(strcmp(password_buffer, "AsiaPacificUni")==0){ printf("Your Department:"); gets (dept); printf("\nUser from Department: \n"); printf(dept): if(strcmp(dept,"TM")==0) { auth_flag = 1; } } else { auth_flag = 0; } return auth_flag: } int main() { char errmsg[512]; char outbuf[512]; char user[20]: char password[20]: printf("Username: ");

gets(user); if (strcmp(user, "Admln")=0){ printf("Authorised User\n"); sprintf(errmsg, "Authorised User %400s",user); sprintf(outbuf, errmsg); printf("Password: "); gets(password); if(check_authentication(password)) { printf("\n-== --==-=- \n"); printf(" Access Granted. In"); printf("- -===-=-\n"); } else { printf("\n- ====-n"); printf("\nAccess Denied. n"); printf("\n- - n"); } } else { printf("Unauthorised user!\n"); exit(0); } } Perform the static and dynamic code analysis to: a) b) Identify Four (4) vulnerabilities that exist in the code and discuss on the possible attack that can be performed to the code. Simulate on the attack and show detail evidence(s) on how the attack can be done with screenshot and detail explanation. Amend the code to provide solution in preventing the attack that being simulated in b) and explain in detail the solution(s) provided. c)