What type of vulnerability is identified when access to all employee accounts can be gained by changing the employee's ID in the URL?

Prepare for CISSP Domain 2 Information Risk Management. Study with multiple choice questions, each question offers insights and explanations. Ace your exam!

The scenario describes a flaw in which a logged-in user can reach other employees' accounts simply by altering the employee ID in the URL. Among the answer options, the expected answer is broken authentication. Note, however, that the check that is actually missing is an authorization check: the attacker has already authenticated as themselves, and the application never verifies that this authenticated user is permitted to view the record named by the ID. In the OWASP Top 10 this pattern is classified as broken access control, specifically an insecure direct object reference (IDOR).

Broken authentication and access control cover weaknesses in the processes that establish who a user is and what that user is permitted to do. Here the application treats the ID supplied in the URL as sufficient proof of entitlement: any valid session combined with any ID yields that employee's data. Because identifiers such as sequential employee numbers are trivially guessable, an attacker can enumerate them and read every account.

The impact is unauthorized data exposure and, where the exposed records carry settings or credentials, impersonation of other users. The fix is a server-side authorization check on every request that binds the requested object to the authenticated principal (or to a role that grants access to it), backed by sound session management and token validation so that the principal itself can be trusted. Making identifiers unguessable (for example random UUIDs) slows enumeration but is not a substitute for the check, and client-side checks cannot be relied on because the client controls the URL.
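The following is an added example, not code from the original page or from any exam vendor. It models the URL-tampering flaw described above beside the server-side ownership check that closes it, without a web framework: the request is reduced to an authenticated session plus a URL path, and the employee records, the `hr_admin` role and the authorization rule (a user may view their own record, an HR admin may view any) are all constructed assumptions for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not from the page): employee records keyed by ID.
EMPLOYEES = {
    101: {"name": "Alice", "salary": 95000, "role": "staff"},
    102: {"name": "Bob", "salary": 87000, "role": "staff"},
    103: {"name": "Carol", "salary": 150000, "role": "hr_admin"},
}


@dataclass
class Session:
    """An authenticated session: the user has already proved who they are."""
    user_id: int


class Forbidden(Exception):
    """Raised when the caller may not access the requested resource."""


EMPLOYEE_URL = re.compile(r"^/employee/(\d{1,9})$")


def parse_employee_id(url: str) -> int:
    """Input validation: the ID in the URL must be a small integer.
    This is a separate concern from authorization; a well-formed ID
    can still belong to somebody else."""
    m = EMPLOYEE_URL.match(url)
    if not m:
        raise ValueError("malformed employee URL")
    return int(m.group(1))


def get_employee_vulnerable(session: Optional[Session], url: str) -> dict:
    """Vulnerable handler. It checks that a session exists (authentication)
    and that the URL is well formed, but trusts the client-supplied ID.
    Alice, logged in as 101, can request /employee/102 and read Bob's record."""
    if session is None:
        raise Forbidden("not logged in")
    employee_id = parse_employee_id(url)
    return EMPLOYEES[employee_id]


def may_view(session: Session, employee_id: int) -> bool:
    """Authorization rule (assumed for this example): a user may view
    their own record; an hr_admin may view any record."""
    caller = EMPLOYEES.get(session.user_id)
    if caller is None:
        return False
    return session.user_id == employee_id or caller["role"] == "hr_admin"


def get_employee_fixed(session: Optional[Session], url: str) -> dict:
    """Hardened handler: same input validation, plus a server-side check
    that binds the requested object to the authenticated principal."""
    if session is None:
        raise Forbidden("not logged in")
    employee_id = parse_employee_id(url)
    # Unknown IDs get the same denial as unauthorized ones, so a caller
    # cannot enumerate which IDs exist from the error they receive.
    if employee_id not in EMPLOYEES or not may_view(session, employee_id):
        raise Forbidden("access denied")
    return EMPLOYEES[employee_id]


def idor_attack_succeeds(handler, attacker_id: int, victim_id: int) -> bool:
    """Simulate the URL-tampering attack against a handler: log in as the
    attacker, then request the victim's URL. True means the flaw is present."""
    try:
        record = handler(Session(attacker_id), f"/employee/{victim_id}")
    except Forbidden:
        return False
    return record is EMPLOYEES[victim_id]


if __name__ == "__main__":
    print("vulnerable:", idor_attack_succeeds(get_employee_vulnerable, 101, 102))
    print("fixed:     ", idor_attack_succeeds(get_employee_fixed, 101, 102))
```

The point to notice is that both handlers authenticate the caller and both validate the URL; only the second one asks whether this caller is allowed to see this object. That question has to be answered on the server for every request, because the client can put any ID it likes in the URL.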

In contrast, the other options describe vulnerabilities that do not match the scenario. Unvalidated input refers to user-supplied data that is processed without being checked, which typically leads to injection flaws. Cross-site scripting involves injecting malicious script into web pages viewed by other users, which is different from gaining access by altering an identifier in a URL. Structured Query Language (
