Multiple choice technology security

In the following code, which is the location of vulnerability?

1 String username = req.getParameter("loginID"); 
2 String password = req.getParameter("loginPassword"); 
3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?"; 
4 pstmt = con.prepareStatement(sql); 
5 pstmt.setString(1,username); 
6 pstmt.setString(2,password); 
7 pstmt.execute(); 
8 user = pstmt.getResultSet(); 
9 if(user!=null)  
10 { 
11  while (user.next()) 
12  { 
13   userInfo.add(user.getString(1)); 
14  }  
15 } 
16 else 
17 { 
18  log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password); 
19 }

  1. Line 5

  2. Line 4

  3. Line 18

  4. Line 11

Reveal answer Fill a bubble to check yourself
C Correct answer
Explanation

Line 18 contains a vulnerability because it logs the raw, sensitive password parameter. In contrast, the SQL query execution on lines 3-7 is secure since it uses a parameterized PreparedStatement which prevents SQL injection.