Certified Ethical Hacker (CEH v13) — Question 121

XYZ company recently discovered a potential vulnerability on their network, originating from misconfigurations. It was found that some of their host servers had enabled debugging functions and unknown users were granted administrative permissions. As a Certified Ethical Hacker, what would be the most potent risk associated with this misconfiguration?

Answer options

• A. An attacker may be able to inject a malicious DLL into the current running process
• B. Weak encryption might be allowing man-in-the-middle attacks, leading to data tampering
• C. Unauthorized users may perform privilege escalation using unnecessarily created accounts
• D. An attacker may carry out a Denial-of-Service assault draining the resources of the server in the process

Correct answer: C

Explanation

The correct answer is C because unauthorized users with administrative permissions can exploit their access to escalate their privileges, potentially compromising the entire server. Option A pertains to code injection, which is not directly linked to the misconfigurations stated. Option B discusses encryption issues that are not mentioned in the scenario. Option D, while a valid concern, does not directly relate to the misconfigurations described.