From c347634c7b8ba4313812bbbea0e523d80582c6f3 Mon Sep 17 00:00:00 2001 From: Ryan Rudder <96507400+RRudder@users.noreply.github.com> Date: Thu, 13 Jun 2024 18:01:48 +1000 Subject: [PATCH] Removal of category * Privilege Escalation via Broken Authentication --- .../privilege_escalation/.gitkeep | 0 .../privilege_escalation/guidance.md | 5 -- .../privilege_escalation/recommendations.md | 7 --- .../privilege_escalation/template.md | 51 ------------------- 4 files changed, 63 deletions(-) delete mode 100644 submissions/description/broken_authentication_and_session_management/privilege_escalation/.gitkeep delete mode 100644 submissions/description/broken_authentication_and_session_management/privilege_escalation/guidance.md delete mode 100644 submissions/description/broken_authentication_and_session_management/privilege_escalation/recommendations.md delete mode 100644 submissions/description/broken_authentication_and_session_management/privilege_escalation/template.md diff --git a/submissions/description/broken_authentication_and_session_management/privilege_escalation/.gitkeep b/submissions/description/broken_authentication_and_session_management/privilege_escalation/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/submissions/description/broken_authentication_and_session_management/privilege_escalation/guidance.md b/submissions/description/broken_authentication_and_session_management/privilege_escalation/guidance.md deleted file mode 100644 index fc5963fb..00000000 --- a/submissions/description/broken_authentication_and_session_management/privilege_escalation/guidance.md +++ /dev/null 
@@ -1,5 +0,0 @@ -# Guidance - -For authentication bypass vulnerabilities, include instructions on how to access the vulnerable authentication mechanism and steps to bypass it in order to perform a function or access data not intended for that user. Provide screenshots to show the functionality accessed without valid authentication. - -Explain why this bypass is a risk and how it can be used as an attack vector. If safe, perform a function that is shown to require authentication. diff --git a/submissions/description/broken_authentication_and_session_management/privilege_escalation/recommendations.md b/submissions/description/broken_authentication_and_session_management/privilege_escalation/recommendations.md deleted file mode 100644 index f1044ebd..00000000 --- a/submissions/description/broken_authentication_and_session_management/privilege_escalation/recommendations.md +++ /dev/null @@ -1,7 +0,0 @@ -# Recommendation(s) - -There are a number of best practices involved with implementing authentication methods and session management. Declare the type of access allowed for each resource and deny access by default, unless these specific access conditions are met by a user attempting to access the resource. To enforce these access controls, it’s important to use a single application wide mechanism. - -It is recommended that all critical information is stored server-side, with only a session ID being passed back and forth between the server and client. Similarly, the data being sent to the client should be encrypted to ensure that data cannot be viewed in transit, and it should be digitally signed to ensure the data's integrity. - -Thoroughly test and audit the access controls during the development and deployment lifecycle to ensure the security and integrity of the controls. 
diff --git a/submissions/description/broken_authentication_and_session_management/privilege_escalation/template.md b/submissions/description/broken_authentication_and_session_management/privilege_escalation/template.md deleted file mode 100644 index 63ce6df1..00000000 --- a/submissions/description/broken_authentication_and_session_management/privilege_escalation/template.md +++ /dev/null 
@@ -1,51 +0,0 @@ -# Privilege Escalation via Broken Authentication - -## Overview of the Vulnerability - -Authentication and session management controls can be bypassed through a variety of ways including, calling an internal post authentication page, modifying the given URL parameters, by manipulating the form, or by counterfeiting sessions. The authentication method for this application can be bypassed by an attacker which enables them to access a privileged user’s account and functionality, giving them access to more resources or functionality within the application. This could include viewing or editing sensitive customer data, and viewing or editing other user permissions. - -## Business Impact - -The impact of privilege escalation through broken authentication controls can vary in severity depending on the degree of access to resources or functionality the malicious attacker is able to gain. An attacker with the ability to access, delete, or modify data from within the application could result in reputational damage for the business through the impact to customers’ trust. This can also result in indirect financial cost to the business through fines and regulatory bodies if sensitive data is accessed. The severity of the impact to the business is dependent on the sensitivity of the data being stored in, and transmitted by the application. - -## Steps to Reproduce - -1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP -1. Use a browser to navigate to: {{URL}} -1. Login to User Account A -1. Using the HTTP interception proxy, forward the following request to the endpoint: - -```HTTP -{{request}} -``` - -1. Forward the requests until there is a POST request visible with the following parameters: - -{{parameter}} - -1. Modify the parameter to the following payload: - -{{payload}} - -1. Forward the request then turn off interception in the prox -1. 
Observe that User Account A now has additional Administrator privileges and user functionality it was previously not authorized to access - -## Proof of Concept (PoC) - -The screenshots below demonstrate the authentication method being bypassed. - -Unauthenticated view: - -{{screenshot}} - -Bypassing authentication and escalating privileges: - -{{screenshot}} - -Privileged user view: - -{{screenshot}} - -A malicious attacker could abuse this authentication bypass further by abusing the privileged users permissions. This is demonstrated in the screenshot below: - -{{screenshot}}
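Review bot: the commit message says only "Removal of category" and gives no reason for dropping Privilege Escalation via Broken Authentication or where submissions that used this template should now be filed; note that the deleted guidance.md actually describes reporting an "authentication bypass" rather than a privilege escalation, so the directory name and its content were already mismatched, and if that text is being relocated to an authentication-bypass category rather than dropped, the commit message should say so (and name the replacement), otherwise confirm that nothing else in the repository still links to `broken_authentication_and_session_management/privilege_escalation/`.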
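Review bot: the deleted recommendations.md is generic access-control and session-management advice (deny by default, a single application-wide enforcement mechanism, server-side session state with only a session ID exchanged, signed and encrypted client-side data) that applies to every category under broken_authentication_and_session_management, not just this one; before removing it, check that the category meant to absorb these reports carries equivalent recommendations, and if it does not, move this file there instead of deleting it.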