nerdexam
EC-Council

312-50V13 · Question #114

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

The correct answer is B. Brute force. When a token performs off-line checking for a 4-digit PIN, it exposes the system to a brute force attack due to the finite and small number of possible PIN combinations.

Submitted by naveen.iyer· Mar 6, 2026System Hacking

Question

If a token and 4-digit personal identification number (PIN) are used to access a computer system and the token performs off-line checking for the correct PIN, what type of attack is possible?

Options

  • ABirthday
  • BBrute force
  • CMan-in-the-middle
  • DSmurf

How the community answered

(50 responses)
  • A
    12% (6)
  • B
    80% (40)
  • C
    2% (1)
  • D
    6% (3)

Why each option

When a token performs off-line checking for a 4-digit PIN, it exposes the system to a brute force attack due to the finite and small number of possible PIN combinations.

ABirthday

A birthday attack is a cryptographic attack that exploits the mathematics behind hash collisions; it is not applicable to a simple 4-digit PIN authentication mechanism.

BBrute forceCorrect

A brute force attack is possible because the PIN checking occurs off-line, meaning there are no network-based defenses (like account lockout policies) to prevent repeated guesses. With only a 4-digit PIN, there are 10,000 possible combinations (0000-9999), which can be quickly exhausted by an attacker without detection if the checking is done locally on the token.

CMan-in-the-middle

A man-in-the-middle attack involves intercepting communication between two parties; off-line PIN checking doesn't inherently create a vulnerability for MITM, though it might be combined with other attacks.

DSmurf

A Smurf attack is a type of Denial of Service (DoS) attack that uses ICMP echo requests (pings) and broadcast addresses; it is unrelated to token-based authentication with a PIN.

Concept tested: Brute force attack vulnerability

Topics

#brute force attack#offline cracking#PIN security

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice