After discovering the /etc/shadow file had been rewritten, a security administrator noticed an application insecurely creating files in / tmp . Which of the following vulnerabilities has MOST likely been exploited?

Question

Quizplus · Accepted Answer

The /etc/shadow file is critical for storing password hashes and is typically only writable by privileged users. If it has been rewritten due to an application creating files insecurely in /tmp, it suggests that an attacker exploited a vulnerability to gain elevated privileges, allowing them to modify this sensitive file. This is indicative of a privilege escalation vulnerability.

After Discovering the /Etc/shadow File Had Been Rewritten, a Security