The product uses a constant value, name, or reference, but this value can (or should) vary across different environments.
Threat Mapped score: 0.0
Industry: Financial
Threat priority: Unclassified
CVE: CVE-2002-0980
Component for web browser writes an error message to a known location, which can then be referenced by attackers to process HTML/script in a less restrictive context
Phase | Note |
---|---|
Architecture and Design | N/A |
Implementation | N/A |
Intro: The following code is an example of an internal hard-coded password in the back-end:
Body: Every instance of this program can be placed into diagnostic mode with the same password. Even worse is the fact that if this program is distributed as a binary-only distribution, it is very difficult to change that password or disable this "functionality."
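```c
#include <stdio.h>
#include <string.h>

int VerifyAdmin(char *password) {
    /* Hard-coded password: identical in every installed copy. */
    if (strcmp(password, "Mew!")) {
        printf("Incorrect Password!\n");
        return(0);
    }
    printf("Entering Diagnostic Mode...\n");
    return(1);
}
```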
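A hardened counterpart to VerifyAdmin above, added here as an example and not part of the original entry: the expected secret is supplied per deployment through an environment variable instead of being compiled into the binary, and the check fails closed when none is configured. The variable name `DIAG_ADMIN_SECRET`, the 12-character minimum and the function names are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed name of the per-deployment setting; not from the original entry. */
#define DIAG_SECRET_ENV "DIAG_ADMIN_SECRET"
#define MIN_SECRET_LEN 12   /* assumed policy: refuse short or empty secrets */

/* Compare n bytes without an early exit, so timing does not reveal
   how many leading bytes matched. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)a[i] ^ (unsigned char)b[i];
    return diff == 0;
}

/* Core check, separated from the environment lookup so it can be tested.
   Returns 1 only on an exact match against a sufficiently long secret. */
int verify_admin_with(const char *expected, const char *password) {
    if (expected == NULL || password == NULL)
        return 0;                 /* no secret configured: diagnostic mode off */
    size_t elen = strlen(expected);
    if (elen < MIN_SECRET_LEN)
        return 0;                 /* weak deployment secret: fail closed */
    if (strlen(password) != elen)
        return 0;                 /* length mismatch reveals only the length */
    return ct_equal(password, expected, elen);
}

/* Replacement for VerifyAdmin: the secret varies with the environment. */
int verify_admin(const char *password) {
    return verify_admin_with(getenv(DIAG_SECRET_ENV), password);
}

int main(void) {
    /* Constructed sample secret, used only so the demo runs offline. */
    const char *sample = "example-only-secret-01";
    printf("old constant  -> %d\n", verify_admin_with(sample, "Mew!"));
    printf("right secret  -> %d\n", verify_admin_with(sample, sample));
    printf("unconfigured  -> %d\n", verify_admin_with(NULL, sample));
    return 0;
}
```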
Intro: This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.
Body: The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.
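```c
/* Hard-coded address: assumes the function is always loaded at 0x08040000. */
int (*pt2Function)(float, char, char) = (int (*)(float, char, char))0x08040000;
int result2 = (*pt2Function)(12, 'a', 'b');
// Here we can inject code to execute.
```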