
Eccouncil 212-89 Exam - Topic 9 Question 89 Discussion

Actual exam question for Eccouncil's 212-89 exam
Question #: 89
Topic #: 9

[Introduction to Incident Handling and Response]

If the browser does not expire the session when the user fails to log out properly, which of the following OWASP Top 10 web vulnerabilities is caused?

Suggested Answer: C

A session that is not expired after the user fails to log out properly indicates a broken authentication vulnerability. Broken authentication is a security issue in which attackers exploit flaws in the authentication mechanism to impersonate other users or take over their sessions. Failing to manage session lifetimes properly, such as not expiring sessions on logout, can allow an attacker to reuse old sessions or session IDs and potentially gain unauthorized access to user accounts. This vulnerability is classified under A2: Broken Authentication in the OWASP Top 10, which lists the most critical web application security risks. The OWASP Top 10 serves as a guideline for developers and web application providers to understand and mitigate common security risks.


Contribute your Thoughts:

Launa
2 days ago
Wait, are we sure it's not D) A5? Seems like a close call.
upvoted 0 times
...
Hyun
8 days ago
Yeah, C makes the most sense here.
upvoted 0 times
...
Sharen
13 days ago
I thought it was B) A3: Sensitive-data exposure.
upvoted 0 times
...
Yan
18 days ago
Definitely C) A2: Broken authentication.
upvoted 0 times
...
Anna
23 days ago
Haha, this is a classic "which vulnerability is it" question. I'm going with C, gotta keep those sessions secure!
upvoted 0 times
...
Willard
28 days ago
Hmm, I'd say B) A3: Sensitive data exposure. That open session could reveal all kinds of sensitive info.
upvoted 0 times
...
Nydia
2 months ago
I'm going with D) A5: Broken access control. Sounds like a session management issue to me.
upvoted 0 times
...
Keena
2 months ago
Definitely C. Leaving the session open is a security nightmare waiting to happen.
upvoted 0 times
...
Jestine
2 months ago
C) A2: Broken authentication is the correct answer. If the browser doesn't expire the session, it can lead to unauthorized access.
upvoted 0 times
...
Hermila
2 months ago
I’m confused; I thought session management could also tie into access control issues, but I guess that’s more about A5?
upvoted 0 times
...
Stacey
2 months ago
I practiced a question similar to this, and I feel like it was about authentication problems, so I'm leaning towards A2 as well.
upvoted 0 times
...
Sherrell
3 months ago
I'm not entirely sure, but I remember something about session expiration being linked to sensitive data exposure. Could it be A3?
upvoted 0 times
...
Ben
3 months ago
I think this might relate to A2: Broken authentication since it deals with session management issues.
upvoted 0 times
...
Maile
3 months ago
Ah, I see now. If the session isn't properly expired, that means an attacker could potentially hijack the session and gain unauthorized access. That sounds like a broken authentication issue to me. I'll go with C.
upvoted 0 times
...
Dewitt
3 months ago
I think the key here is understanding how session management is related to the OWASP Top 10. If the session isn't properly expired, that could lead to broken access control. I'm going with D.
upvoted 0 times
...
Eladia
3 months ago
I'm a bit confused here. Is this about cross-site scripting or broken authentication? I'm not sure which one fits best.
upvoted 0 times
...
Maybelle
3 months ago
Okay, let's see. If the browser doesn't expire the session, that could lead to sensitive data exposure, right? I'm leaning towards B.
upvoted 0 times
...
Yuette
4 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the OWASP Top 10 vulnerabilities and how they relate to session management.
upvoted 0 times
...
