A tester accesses `/api/users/1001` and then changes the ID to `/api/users/1002` to view another user's data without authorization. What vulnerability is this?
-
A
Privilege Escalation
-
B
Insecure Direct Object Reference (IDOR)
-
C
Mass Assignment
-
D
Broken Function Level Authorization