The correct answer to this question is D, Insecure Direct Object References. These references happen when an application gives direct access to objects. The access is based on an input supplied by a user. This makes attackers get through authorization and access resources in the system.
The resources could be records or files. It can also include the modification values of parameters. There are ways to test the vulnerability, including mapping out locations where the user input was used. Insecure Direct Object References can come in many forms, including attack mechanics, where the URLs are manipulated through a request. They can manipulate the URL and parameter.
The answer to this is letter D. Authentication Bypass may sometimes occur when there are usernames that are almost similar to each other. There are some people who try their best to copy certain usernames and they will do it in such a way that the system may not always recognize the difference. Systems are more high tech now so it will be harder to do this.
Some are able to skip the login page and just enter pages that they are not authorized to view. This can be a problem for people who are trying to keep some information confidential. When this occurs, the person will automatically reach a page that should only be accessed after the person has logged in successfully.