Question 9
Domain 2: Privacy Risk Management
A user can change the number in a profile URL and load another customer's application record. Why is this a serious privacy problem?
Correct answer: B
Explanation
An insecure direct object reference lets a user access data simply by changing an identifier in the URL, without the application verifying that the user is authorized for that record. Because the user can load "another customer's application record," the system is exposing personal data to unauthorized users, which is a serious privacy breach.
Why each option is right or wrong
A. It is mainly a branding problem because the URL looks messy
B. It is an insecure direct object reference that can expose personal data to unauthorized users
The issue is an insecure direct object reference (IDOR): the application is using a predictable object identifier in the URL as the sole gate to a record, instead of enforcing authorization on the server side. Under privacy laws such as GDPR Article 5(1)(f), personal data must be processed with appropriate security, including protection against unauthorized access; exposing another customer’s application record by changing a number in the URL means that requirement is not met. Because the record can be retrieved without any valid access check, the flaw can disclose personal data to any user who guesses or increments the identifier.
C. It only matters if the record contains financial data
D. It is acceptable if the site logs the access attempt