When passwords are stored with weak hashing algorithms, attackers can obtain the original passwords from the database. This vulnerability is called:

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice


Explanation:
Weak password storage lets an attacker reverse the hash and crack the credentials offline. When passwords are protected with a weak hashing algorithm (a fast, unsalted digest such as MD5 or SHA-1, and especially one used without a unique salt per password), a database breach lets the attacker brute-force the hashes or look them up in precomputed rainbow tables and recover the original passwords. This is known as password exploitation: the attacker exploits poorly stored credentials to obtain plaintext passwords. It is not about timeouts, access control, or missing function level access control, which relate to session handling or authorization rather than to recovering passwords from hashes. To prevent it, store passwords with a strong, deliberately slow, salted hash (bcrypt, scrypt, or Argon2) using a unique random salt per password, and consider additional safeguards such as a server-side pepper and MFA.
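The contrast the explanation draws can be seen concretely. The script below is an added example, not part of the original question or of any exam material: it stores a constructed three-user table once with an unsalted MD5 digest and once with salted scrypt (chosen here because it ships in Python's standard library; bcrypt or Argon2 would serve the same purpose), then runs the same dictionary attack against both. The user names, passwords, wordlist and the `scrypt$<salt>$<digest>` record format are all assumptions made for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from typing import Optional

# Constructed sample user table (two users share a password, as often happens in real breaches).
USERS = {
    "alice": "Summer2023!",
    "bob": "Summer2023!",
    "carol": "correct horse battery staple",
}

# Constructed wordlist standing in for an attacker's dictionary / rainbow table.
WORDLIST = ["password", "123456", "Summer2023!", "letmein", "qwerty"]

# scrypt work factors (assumed values for the example; 2**14/8/1 uses ~16 MiB per hash).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def weak_store(password: str) -> str:
    """Weak storage as described in the question: one fast, unsalted MD5 digest."""
    return hashlib.md5(password.encode()).hexdigest()


def crack_weak(stored: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """Offline attack on unsalted hashes: hash each candidate ONCE, then look up every user.
    Because there is no salt, identical passwords share a digest and the precomputed table
    (a rainbow table in miniature) is reusable across all users and all breaches.
    Returns (recovered passwords per user, number of hash computations)."""
    table = {hashlib.md5(w.encode()).hexdigest(): w for w in wordlist}
    cracked = {user: table[h] for user, h in stored.items() if h in table}
    return cracked, len(wordlist)


def strong_store(password: str, salt: Optional[bytes] = None) -> str:
    """Strong storage: memory-hard scrypt with a unique 16-byte random salt per password.
    Record format 'scrypt$<salt hex>$<digest hex>' is a hypothetical encoding for this example."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"


def strong_verify(password: str, record: str) -> bool:
    """Recompute scrypt with the stored salt and compare in constant time."""
    _, salt_hex, digest_hex = record.split("$")
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(digest.hex(), digest_hex)


def crack_strong(stored: dict[str, str], wordlist: list[str]) -> tuple[dict[str, str], int]:
    """The same dictionary attack against salted scrypt. No table can be precomputed or shared:
    every (user, candidate) pair costs one deliberately expensive scrypt call.
    Weak passwords in the wordlist are still found; what changes is the cost per guess."""
    cracked: dict[str, str] = {}
    ops = 0
    for user, record in stored.items():
        for w in wordlist:
            ops += 1
            if strong_verify(w, record):
                cracked[user] = w
                break
    return cracked, ops


if __name__ == "__main__":
    weak = {u: weak_store(p) for u, p in USERS.items()}
    strong = {u: strong_store(p) for u, p in USERS.items()}
    print("alice and bob share an MD5 digest:", weak["alice"] == weak["bob"])
    print("alice and bob share a scrypt record:", strong["alice"] == strong["bob"])
    print("MD5 attack:", crack_weak(weak, WORDLIST))
    print("scrypt attack:", crack_strong(strong, WORDLIST))
```

Running it shows the two properties the explanation relies on: with MD5 the two users who share a password produce the same digest and the whole table is cracked with one hash per dictionary word, whereas with salted scrypt their records differ and every guess for every user has to be recomputed at full cost. Salting and a slow hash do not rescue a password that is in the attacker's wordlist, which is why the explanation also recommends a pepper and MFA.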

