A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts. Which vulnerability did the security analyst encounter?

Get ready for your WGU ITEC2034 D385 Software Security and Testing Test. Study with multiple choice questions that include hints and explanations. Boost your confidence for your exam day!

Multiple Choice

A security analyst has noticed a vulnerability in which an attacker took over multiple users' accounts. Which vulnerability did the security analyst encounter?

Explanation:

This scenario tests broken access control. When access controls aren’t properly enforced, an attacker can access or impersonate other users’ accounts because the system fails to validate that every action or data access is allowed for that specific user. Taking over multiple accounts points to authorization checks not being reliably applied, or to horizontal privilege escalation where one user’s session could be used to access other users’ resources.

Other flaws would show different signs: SQL injection exploits unvalidated input to run arbitrary database commands and is not inherently about impersonating multiple users; cross-site scripting steals session data by injecting scripts into pages viewed by users; insecure cryptography involves weak or mismanaged encryption, which might expose data but doesn’t directly explain a takeover across many accounts. So the account-takeover pattern aligns with broken access control.

To prevent this, implement strict, server-side authorization checks for every action, enforce least privilege, strengthen session management, and consider multi-factor authentication to reduce the risk of account compromise.
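As an added illustration (not part of the original question or its explanation), the following Python shows the horizontal privilege escalation described above and the server-side authorization check that closes it. The users, session tokens, handler names and in-memory store are all constructed for this example; no real web framework is involved. The vulnerable handler only authenticates the caller and then trusts the user id supplied in the request; the hardened handlers route every read and write through one ownership check, and each denial is logged and counted so repeated cross-account requests from a single session stand out in monitoring.

```python
"""Added example (not from the original page): horizontal privilege
escalation in a profile endpoint, beside the server-side ownership check
that prevents it. All data and handler names are constructed."""

import logging
from collections import Counter

log = logging.getLogger("authz")

# Constructed sample data: two users, each with one active session.
PROFILES = {
    1: {"name": "alice", "email": "alice@example.test"},
    2: {"name": "bob", "email": "bob@example.test"},
}
SESSIONS = {"sess-alice": 1, "sess-bob": 2}  # session token -> user id

# Denied-access counter per session: a simple detection signal.
DENIALS = Counter()


class Unauthorized(Exception):
    """No valid session: the caller is not logged in."""


class Forbidden(Exception):
    """Valid session, but the caller does not own the requested resource."""


def _caller_id(session_token):
    """Authentication only: map the session token to a user id."""
    try:
        return SESSIONS[session_token]
    except KeyError:
        raise Unauthorized("no valid session") from None


def get_profile_vulnerable(session_token, user_id):
    """Broken access control: authenticates the caller, then trusts the
    user_id taken from the request and returns whatever profile it names."""
    _caller_id(session_token)          # logged in? yes -> proceed
    return dict(PROFILES[user_id])     # never checks that caller == user_id


def _require_owner(session_token, user_id):
    """Server-side authorization: the session must belong to user_id.
    Every handler that touches a user's data calls this first."""
    caller = _caller_id(session_token)
    if caller != user_id:
        DENIALS[session_token] += 1
        log.warning("authz denied: user %s requested data of user %s",
                    caller, user_id)
        raise Forbidden(f"user {caller} may not access user {user_id}")
    return caller


def get_profile_secure(session_token, user_id):
    """Read path: same data as the vulnerable handler, but owner-checked."""
    _require_owner(session_token, user_id)
    return dict(PROFILES[user_id])


def update_email_secure(session_token, user_id, new_email):
    """Write path gets the identical check. Guarding only reads would leave
    the account-recovery address changeable by another user's session."""
    _require_owner(session_token, user_id)
    PROFILES[user_id]["email"] = new_email
    return dict(PROFILES[user_id])


def attempt(handler, *args):
    """Run a handler and summarise the outcome as a string (for the demo)."""
    try:
        return "ok:" + handler(*args)["email"]
    except Forbidden:
        return "forbidden"
    except Unauthorized:
        return "unauthorized"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # Alice's session asks for Bob's profile.
    print(attempt(get_profile_vulnerable, "sess-alice", 2))  # ok:bob@example.test
    print(attempt(get_profile_secure, "sess-alice", 2))      # forbidden
    print(attempt(get_profile_secure, "sess-alice", 1))      # ok:alice@example.test
    print(dict(DENIALS))                                     # {'sess-alice': 1}
```

The design point is that `_require_owner` is the single place where the "is this caller allowed to touch this user's data" decision is made, so it is hard to forget on a new handler; the per-session denial counter is the kind of signal a detection rule would alert on, since a legitimate user rarely requests other users' ids at all.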
