Certified Ethical Hacker (CEH v12) — Question 303

Ron, a security professional, was pen testing web applications and SaaS platforms used by his company. While testing, he found a vulnerability that allows hackers to gain unauthorized access to API objects and perform actions such as view, update, and delete sensitive data of the company.

What is the API vulnerability revealed in the above scenario?

Answer options

• A. No ABAC validation
• B. Business logic flaws
• C. Improper use of CORS
• D. Code injections

Correct answer: A

Explanation

The correct answer is A, as the scenario describes a lack of Attribute-Based Access Control (ABAC) validation, allowing unauthorized access to API objects. Options B, C, and D do not specifically address access control issues related to APIs, making them incorrect in this context.