Which vulnerability arises when privileged functions are accessible without proper authorization checks, such as changing user roles by non-privileged users?

Multiple Choice

Which vulnerability arises when privileged functions are accessible without proper authorization checks, such as changing user roles by non-privileged users?

Explanation:
When a system lets privileged operations run without verifying who is calling them, it fails at function-level authorization. Changing a user’s role is a sensitive action that should only be allowed for administrators; if a non-privileged user can invoke that capability, the system is not properly enforcing authorization at the function level. This exact situation is described as Missing Function Level Access Control. While Broken Access Control is a broader umbrella term for various access-control failures, this scenario is a precise instance of missing function level checks. The other options are too generic or unrelated: Access Control by itself doesn’t specify the per-function checks, and Password Exploitation concerns credential-based attacks rather than bypassing authorization on privileged functions. To fix, ensure explicit authorization checks for every privileged function, enforce least privilege, and log and test for privilege escalation paths.
