GroceryMart Sensitive Information Disclosure Vulnerability in Users.json File

Vulnerability

A vulnerability allowing unauthorized access to sensitive user information has been identified in the GroceryMart application, specifically in the users.json file of commit 21934e6, dated October 23, 2020. This issue arises from the file's public accessibility without authentication, exposing plaintext usernames, passwords, and personal addresses. As a result, any unauthenticated individual can retrieve this sensitive data directly from the web server.

Impact

Exploitation of this vulnerability allows unauthorized retrieval of user credentials, including plaintext passwords, together with personal addresses. This could lead to unauthorized access to and compromise of user accounts, identity theft, privacy violations through the exposure of personal information, and significant reputational damage to the vendor.

Reproduction

To reproduce this vulnerability, access the users.json file located in the GroceryMart application's json directory. This can be done by opening the file URL in a web browser without any login requirements. The file will return user details in plaintext, including usernames, passwords, and addresses.

Remediation

It is recommended to remove the users.json file from any directory accessible via the web. Passwords should never be stored in plaintext; instead, secure hashing methods like bcrypt or Argon2 should be used. Access to JSON or data folders should be restricted through server configuration, such as using .htaccess files for Apache or location directives for Nginx. Additionally, authentication and authorization checks should be implemented before serving sensitive data, static JSON storage should be replaced with a secure backend database, and environment-based configurations should be used to prevent test data from leaking into production.
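As an added example (not code from the GroceryMart project or from this advisory), the following Python script shows the password-storage part of the remediation: it takes a record set shaped like the exposed users.json, replaces each plaintext password with a salted, memory-hard hash, and verifies logins against the stored hash. It uses hashlib.scrypt from the standard library as a stand-in for bcrypt or Argon2 so it runs offline; the sample records are constructed, not taken from the real file.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed sample shaped like the exposed users.json (not the real file's content).
SAMPLE_USERS_JSON = json.dumps([
    {"username": "alice", "password": "hunter2", "address": "1 Example St"},
    {"username": "bob", "password": "letmein", "address": "2 Example Ave"},
])

# scrypt cost parameters; 128*N*r*p bytes = 16 MiB of memory per hash.
# Stand-in for bcrypt/Argon2 (which need third-party packages).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing string: scrypt$N$r$p$salt_b64$hash_b64."""
    salt = salt if salt is not None else os.urandom(16)  # fresh random salt per user
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     base64.b64encode(salt).decode(), base64.b64encode(digest).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    scheme, n, r, p, salt_b64, hash_b64 = stored.split("$")
    if scheme != "scrypt":
        return False
    expected = base64.b64decode(hash_b64)
    digest = hashlib.scrypt(password.encode(), salt=base64.b64decode(salt_b64),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(digest, expected)


def migrate_users(users_json: str) -> list:
    """Drop the plaintext 'password' field and store 'password_hash' instead.

    The returned records are meant for a backend database, never for a
    file under the web root.
    """
    migrated = []
    for user in json.loads(users_json):
        record = {k: v for k, v in user.items() if k != "password"}
        record["password_hash"] = hash_password(user["password"])
        migrated.append(record)
    return migrated
```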

Added: Nov 26, 2025, 8:20 PM
Updated: Nov 26, 2025, 8:20 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          0.0
  impact          2.5
  exploitability  8.7
  remediation     0.0
  relevance       1.2
  threat          6.4
  urgency         2.9
  incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.