Gaurav-Verma07 / sampark

A social platform to connect NGOs and orphanages to potential social suppliers including schools and colleges.
https://sampark-nine.vercel.app
MIT License
24 stars 47 forks

[BUG]: SENSITIVE INFORMATIONS ARE LOGGED ON DEV CONSOLE 🙅🏻🚨 #378

Closed 0xabdulkhaliq closed 1 year ago

0xabdulkhaliq commented 1 year ago

Description

Screenshot:

Screenshot_2023-08-05-15-14-37_1366x768

Logged Information:

Risks

  1. Unauthorized Access: Attackers could exploit the logged API key, gaining unauthorized access to sensitive resources and confidential data stored in Firebase services.
  2. Data Leaks: Exposing project identifiers and URLs could facilitate data leaks and unauthorized data retrieval.
  3. Increased Attack Surface: By exposing sensitive information, the application's attack surface expands, making it more susceptible to targeted attacks.
  4. Misuse of Credentials: Leaked credentials can be utilized to perform identity theft, fraudulent activities, or to manipulate system behavior maliciously.
  5. Compliance Violation: Storing sensitive information in the browser's console may lead to non-compliance with security and privacy regulations (e.g., GDPR, HIPAA).

Importance of Removing Logs:

0xabdulkhaliq commented 1 year ago

Hey there @Gaurav-Verma07 👋🏻

Please make sure to assign this issue to me for immediate resolution!
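
The issue above concerns Firebase configuration values reaching the browser console. As an added example (not code from the sampark repository or from the issue's participants), here is a small Node.js check that flags `console.*` calls whose arguments reference configuration identifiers, so such logging can be caught in CI before release. The identifier list and the sample source are assumptions, since the issue does not show the offending code.

```javascript
// Added example: flag console.* calls whose arguments mention config/secret names.
// SENSITIVE is an assumed list (standard Firebase web config fields + process.env).
const SENSITIVE =
  /\b(firebaseConfig|apiKey|authDomain|projectId|storageBucket|messagingSenderId|appId|process\.env)\b/;
const CONSOLE_CALL = /\bconsole\.(log|info|debug|warn|error|dir|table)\s*\(/g;
// Return the argument text of a call, from its "(" to the matching ")".
function extractArgs(source, openIdx) {
  let depth = 0;
  let quote = null;
  for (let i = openIdx; i < source.length; i++) {
    const ch = source[i];
    if (quote) {
      if (ch === "\\") i++; // skip the escaped character
      else if (ch === quote) quote = null;
    } else if (ch === '"' || ch === "'" || ch === "`") {
      quote = ch;
    } else if (ch === "(") {
      depth++;
    } else if (ch === ")" && --depth === 0) {
      return source.slice(openIdx + 1, i);
    }
  }
  return source.slice(openIdx + 1); // unterminated call: scan to end of input
}

function findSensitiveLogs(source) {
  const findings = [];
  for (const m of source.matchAll(CONSOLE_CALL)) {
    const lineStart = source.lastIndexOf("\n", m.index) + 1;
    if (/^\s*\/\//.test(source.slice(lineStart, m.index))) continue; // commented out
    const hit = extractArgs(source, m.index + m[0].length - 1).match(SENSITIVE);
    if (hit) {
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ line, method: m[1], identifier: hit[1] });
    }
  }
  return findings;
}

// Constructed sample source, not taken from the repository.
const SAMPLE = [
  "const firebaseConfig = { apiKey: process.env.EXAMPLE_API_KEY };",
  "console.log(firebaseConfig);",
  "console.log('user signed in');",
  "// console.log(firebaseConfig.apiKey);",
  "console.debug('project:',",
  "  firebaseConfig.projectId);",
].join("\n");
console.log(findSensitiveLogs(SAMPLE));
```

The check reports identifier names and line numbers only, never values, and a string literal that merely mentions a listed name is also flagged, so findings are prompts for review rather than confirmed leaks.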