An internal staff member logs into an ERP platform and clicks on a record. The browser URL changes to:
URL: http://192.168.0.100/ERP/accountId=5&action=SELECT
Which of the following is the MOST likely vulnerability in this ERP platform?
A. Brute forcing of account credentials
B. Plain-text credentials transmitted over the Internet
C. Insecure direct object reference
D. SQL injection of ERP back end
Thanks Corona, I was in doubt with B.
C. Insecure direct object reference
https://portswigger.net/web-security/access-control/idor