Which of the following is an example of an information leakage vulnerability?

  A. Displaying "Welcome, " + request.getParameter("userid")

  B. Displaying "You entered either a wrong user id or password" error message

  C. Call stack trace

  D. Return error code 404


Correct Option: C

AI Explanation

To answer this question, you need to understand information leakage vulnerabilities.

Option A) Displaying "Welcome, " + request.getParameter("userid") - This option does not demonstrate an information leakage vulnerability. It simply displays a welcome message with the user ID obtained from the request parameter.

Option B) Displaying "You entered either a wrong user id or password" error message - This option does not demonstrate an information leakage vulnerability either. It is a generic error message that does not provide specific information about the user ID or password entered.

Option C) Call stack trace - This option is an example of an information leakage vulnerability. When an application throws an exception, the call stack trace may be displayed as part of the error message. The call stack trace can contain sensitive information, such as file paths, class names, and method names, which can be exploited by attackers.

Option D) Return error code 404 - This option does not demonstrate an information leakage vulnerability. A 404 error code is a standard HTTP response indicating that the requested resource could not be found.

The correct answer is C) Call stack trace. This option is correct because the call stack trace can potentially reveal sensitive information that can be used by attackers.
