Eccouncil 212-89 Exam - Topic 9 Question 89 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 89
Topic #: 9

[Introduction to Incident Handling and Response]

If the browser does not expire the session when the user fails to log out properly, which of the following OWASP Top 10 web vulnerabilities is caused?

Suggested Answer: C

A session that is not expired after the user fails to log out properly indicates a broken authentication vulnerability. Broken authentication is a security issue in which attackers exploit flaws in the authentication mechanism to impersonate other users or take over their sessions. Failure to manage session lifetimes properly, such as not expiring sessions on logout, can allow an attacker to reuse old sessions or session IDs and potentially gain unauthorized access to user accounts. This vulnerability is classified under A2: Broken Authentication in the OWASP Top 10, which lists the most critical web application security risks. The OWASP Top 10 serves as a guideline for developers and web application providers to understand and mitigate common security risks.
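The mitigation for the condition described above is to expire the session on the server rather than rely on the browser. The following is an added example, not part of the original question or explanation; the class name, the timeout values and the sample timeline are assumptions chosen for illustration.

```python
import secrets

IDLE_TIMEOUT = 15 * 60        # assumed policy: 15 minutes of inactivity
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed policy: 8 hours maximum lifetime


class SessionStore:
    """Server-side session table; the browser holds only an opaque ID."""

    def __init__(self):
        self._sessions = {}  # session_id -> {"user", "created", "last_seen"}

    def login(self, user, now):
        sid = secrets.token_urlsafe(32)  # unpredictable, fresh ID per login
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def validate(self, sid, now):
        """Return the user for a live session, or None if it must be rejected."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        idle = now - s["last_seen"]
        age = now - s["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            # Expire on the server even though the browser never sent a logout.
            del self._sessions[sid]
            return None
        s["last_seen"] = now
        return s["user"]

    def logout(self, sid):
        # Destroy server-side state; clearing only the cookie is not enough.
        self._sessions.pop(sid, None)


def demo():
    """Constructed timeline (seconds) showing which requests are accepted."""
    store = SessionStore()
    results = {}
    sid = store.login("alice", now=0)
    results["active"] = store.validate(sid, now=600)
    results["after_idle"] = store.validate(sid, now=600 + IDLE_TIMEOUT + 1)
    sid2 = store.login("alice", now=5000)
    store.logout(sid2)
    results["after_logout"] = store.validate(sid2, now=5001)
    return results
```

A session ID presented after the idle window, after the absolute lifetime, or after logout is rejected because the server no longer holds state for it.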


Nydia
3 days ago
I'm going with D) A5: Broken access control. Sounds like a session management issue to me.
upvoted 0 times
...
Keena
8 days ago
Definitely C. Leaving the session open is a security nightmare waiting to happen.
upvoted 0 times
...
Jestine
14 days ago
C) A2: Broken authentication is the correct answer. If the browser doesn't expire the session, it can lead to unauthorized access.
upvoted 0 times
...
Hermila
19 days ago
I’m confused; I thought session management could also tie into access control issues, but I guess that’s more about A5?
upvoted 0 times
...
Stacey
24 days ago
I practiced a question similar to this, and I feel like it was about authentication problems, so I'm leaning towards A2 as well.
upvoted 0 times
...
Sherrell
29 days ago
I'm not entirely sure, but I remember something about session expiration being linked to sensitive data exposure. Could it be A3?
upvoted 0 times
...
Ben
1 month ago
I think this might relate to A2: Broken authentication since it deals with session management issues.
upvoted 0 times
...
Maile
1 month ago
Ah, I see now. If the session isn't properly expired, that means an attacker could potentially hijack the session and gain unauthorized access. That sounds like a broken authentication issue to me. I'll go with C.
upvoted 0 times
...
Dewitt
1 month ago
I think the key here is understanding how session management is related to the OWASP Top 10. If the session isn't properly expired, that could lead to broken access control. I'm going with D.
upvoted 0 times
...
Eladia
2 months ago
I'm a bit confused here. Is this about cross-site scripting or broken authentication? I'm not sure which one fits best.
upvoted 0 times
...
Maybelle
2 months ago
Okay, let's see. If the browser doesn't expire the session, that could lead to sensitive data exposure, right? I'm leaning towards B.
upvoted 0 times
...
Yuette
2 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the OWASP Top 10 vulnerabilities and how they relate to session management.
upvoted 0 times
...