Certified Ethical Hacker (CEH v12) — Question 141
XYZ company recently discovered a potential vulnerability on their network, originating from misconfigurations. It was found that some of their host servers had enabled debugging functions and unknown users were granted administrative permissions. As a Certified Ethical Hacker, what would be the most potent risk associated with this misconfiguration?
Answer options
- A. An attacker may be able to inject a malicious DLL into the current running process
- B. Weak encryption might be allowing man-in-the-middle attacks, leading to data tampering
- C. Unauthorized users may perform privilege escalation using unnecessarily created accounts
- D. An attacker may carry out a Denial-of-Service assault draining the resources of the server in the process
Correct answer: C
Explanation
The correct answer, C, follows directly from the scenario: unknown users who were granted administrative permissions are unnecessary accounts with excessive privileges, which unauthorized users can leverage to escalate their access and carry out further exploits. Options A and D are less relevant because they describe different attack vectors that do not stem directly from the described misconfigurations. Option B concerns encryption weaknesses, which are not among the misconfigurations mentioned.