doc: add Attack Scenario

Author: PauloASilva

2019/en/0xa2-broken-authentitcation.md

@@ -8,10 +8,21 @@ A2:2019 Broken Authentication
 
 ## Is the API Vulnerable?
 
-## How To Prevent
-
 ## Example Attack Scenarios
 
+## Scenario #1
+
+## Scenario #2
+
+An attacker with access to a cloud-based team collaboration tool creates a
+private channel with himself in it. Then he starts a call, sharing it in the
+private channel: the HTTP request is recorded of later use. Two different users
+start a call on a different channel. The attacker grabs the channel id,
+replacing it in the previously captured HTTP request. Resending the request
+enables attacker to eavesdrop the private call.
+
+## How To Prevent
+
 ## References
 
 ### OWASP