SourceCodester Student Result Management System Cleartext Storage Vulnerability in Login Credentials File

A vulnerability exists in SourceCodester Student Result Management System version 1.0, specifically within the HTTP GET request handler component. The issue arises from an unknown function that leads to the cleartext storage of sensitive information in a file named 'login_credentials.txt', which is located in the web-accessible root directory without any access restrictions. This vulnerability allows an unauthenticated attacker to remotely retrieve plaintext login credentials for all user roles, including Administrator, Academic Teacher, Teacher, and Student, by sending a direct HTTP GET request to the file.

Impact

Exploitation of this vulnerability results in the unauthorized retrieval of plaintext login credentials for multiple user roles, including Administrator, Academic Teacher, Teacher, and Student.

Reproduction

To reproduce this vulnerability, send a direct HTTP GET request to the 'login_credentials.txt' file located in the web-accessible root directory of the SourceCodester Student Result Management System version 1.0. No authentication is required, and the file can be accessed freely, exposing plaintext login credentials for all user roles.

Remediation

It is recommended to apply restrictive firewall rules to block unauthorized access to the 'login_credentials.txt' file and prevent the retrieval of sensitive information.