In the following code, which is the location of vulnerability?
1 bIsAdmin = true;
2 try
3 {
4 function ();
5 bIsAdmin = isAdminUser(userName);
6 }
7 catch (Exception ex)
8 {
9 log.write(ex.toString());
10 }
-
Line 9
-
Line 5
-
Line 7
-
Line 1
D
Correct answer
Explanation
Line 1 sets bIsAdmin = true before any authentication occurs. If an exception is thrown in function() at line 4, execution jumps to the catch block and line 5 (the actual admin check) never executes. The exception is logged but bIsAdmin remains true, allowing unauthorized admin access. This is a vulnerable default-privileged design - sensitive flags should default to false.