Which statement is a characteristic of the broken access control threat to web applications?
- It allows attackers to access, and potentially change, serialized versions of data and objects.
- It allows attackers to steal sensitive information such as passwords or personal information.
- It allows users to circumvent existing authentication requirements.
- It allows an attacker to use the dynamic functions of a site to inject malicious content into the page.