Critical Logic Vulnerability : Authentication Downgrade
"بِسْمِ اللَّهِ الرَّحْمَنِ الرَّحِيمِ"
Mshamy
~2 min read
April 5, 2026 (Updated: April 5, 2026)
Summary
While testing a private bug bounty program (a digital signature platform), I discovered a critical business logic vulnerability that allowed me to downgrade the required security level and bypass organizational signature policies.
Vulnerability Details
There are two types of users: Organization users and Normal users who can sign requests.
The platform has two types of Normal users based on their security level:
High-Level User: This user can sign sensitive and official documents.
Low-Level User: This user has limited access and cannot sign sensitive documents.
When I sent a signature request that required a High-Level User, I intercepted it using Burp Suite and found a parameter named securityLevel with a value of 4.
When I tried to sign this request using a Low-Level User account, the website displayed this error message:
To bypass this control, I tampered with the request and changed the securityLevel value to 0 (matching the Low-Level account).
The server accepted the modification, and I successfully signed the high-level document:
Conclusion:
The company decided to close this vulnerability as 'Accepted Risk'. However, I believe its impact is strictly Critical because it breaks the fundamental trust of the platform.
My finding was validated as Critical severity on the platform, I received a Critical Badge for this report, and I am featured in the 'Contributors' list for this program.
Recommended Fix: The server must determine the required security level for a signature request from its own database, never from a value supplied in the user's request.
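To make the fix concrete, here is an added example (not the platform's code; the request table, user table and handler names are constructed for illustration) that puts the flawed check next to the corrected one. The vulnerable handler trusts the securityLevel field from the client, so a low-level account can lower it; the fixed handler looks the required level up server-side by request id, enforces it against the signer's account, and records any mismatch between the client-sent value and the stored one so the tampering attempt shows up in audit logs.

```python
"""Signature-policy check: client-supplied securityLevel vs server-side lookup.

Constructed example. The tables, user names, request ids and function names
are assumptions made for this illustration, not the real platform's code.
"""
from dataclasses import dataclass

# Constructed server-side store: the level each signature request requires.
# Matches the write-up: the sensitive document required securityLevel 4.
SIGNATURE_REQUESTS = {
    "req-1001": {"document": "board-resolution.pdf", "required_level": 4},
    "req-1002": {"document": "timesheet.pdf", "required_level": 0},
}

# Constructed accounts with the security level assigned by the organization.
USERS = {
    "alice": {"security_level": 4},  # High-Level User
    "bob": {"security_level": 0},    # Low-Level User
}

# Audit trail of requests whose client-sent level disagreed with the stored one.
TAMPER_LOG: list[str] = []


@dataclass
class SignResult:
    ok: bool
    message: str


def sign_vulnerable(user_id: str, payload: dict) -> SignResult:
    """Flawed handler: the required level is read from the client payload."""
    user = USERS[user_id]
    required = int(payload["securityLevel"])  # attacker-controlled value
    if user["security_level"] < required:
        return SignResult(False, "Your security level is insufficient for this document")
    return SignResult(True, f"signed {payload['requestId']}")


def sign_fixed(user_id: str, payload: dict) -> SignResult:
    """Corrected handler: the required level comes from the server's own record."""
    user = USERS[user_id]
    request = SIGNATURE_REQUESTS.get(payload.get("requestId"))
    if request is None:
        return SignResult(False, "unknown signature request")
    required = request["required_level"]

    # The client value is never used for the decision, but a mismatch is
    # worth logging: it is a direct signal of a tampered request.
    client_level = payload.get("securityLevel")
    if client_level is not None and int(client_level) != required:
        TAMPER_LOG.append(
            f"user={user_id} request={payload['requestId']} "
            f"client_level={client_level} stored_level={required}"
        )

    if user["security_level"] < required:
        return SignResult(False, "Your security level is insufficient for this document")
    return SignResult(True, f"signed {payload['requestId']}")


if __name__ == "__main__":
    downgraded = {"requestId": "req-1001", "securityLevel": 0}
    print("vulnerable:", sign_vulnerable("bob", downgraded))
    print("fixed:     ", sign_fixed("bob", downgraded))
    print("audit:     ", TAMPER_LOG)
```

The only structural difference between the two handlers is where `required` comes from. Everything the client sends about policy (here, securityLevel) is treated as untrusted input that may be logged but never consulted for the authorization decision.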
Thanks for reading. See you in the next write up!
LinkedIn account: Mahmoud ELshamy
#cybersecurity #bug-bounty #web-security #ethical-hacking #business-logic