| a. Mishandling of undefined, poorly defined |
| b. Spoofing and hijacking of data based on failed authentication attempts |
| c. Passing of session-credentials allowing intercept and unauthorized use |
| d. Weak or non-existent authentication mechanisms |
| Answer: Mishandling of undefined, poorly defined |