Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      Internship_Tracker #12293 Insecure Firebase Credentials
    Actions
    #12293
    Rushabh Yogesh Doshi (rushbhai)
    2020-12-24 15:51
    2020-12-24 15:51
    Details
    Insecure Firebase Credentials
    I have found that firebase sensitive credentials like API_key, Database_url is displayed in Cleartext form while intercepting requests

    All such details should not be present in Code in cleartext form there should be encryption or other mechanism to call api_key for processing because that data can be used by attacker to perform read and write on Firebase database without access control
    Empty
    Empty
    State of Progress
    2020-12-24
    Empty
    Empty
    Akshay kumar ray (akshayray)
    2020-12-24
    Open
    Attachments
    By Rushabh Yogesh Doshi (rushbhai)
    (83 kB)
    leak_firebase.png
    References
    References list is empty