Insecure data storage-server-side credentials storage

Insecure data storage-server-side credentials storage

 

 

            1.Create an account and login and go to profile https://www.kayak.co.in/profile/account. 

 

 

 

            2. Add profile picture and do right click view image then the page redirect to profile image link https://www.kayak.co.in/picasso/retrieveImg/uimg?imgKey=/uimg/v01/6de1f8e35ea7a2632c19127f3acd0543854fef1225a9a30141e1d9a60cb1c620/1.png&width=372&height=372&xhint=0&yhint=0&counter=60627222368&crop=true appear the profile image and copy the url. 

 

 

 

 

 

            3. Then delete your account .

             

             4. Go to copied url and search . 

 

             5.the deleted account profile image is appear in the page.

 

             6. I delete that account before 2 days but still the deleted account profile image url not expired

Impact

Sensitive data exposure usually occurs when we fail to adequately protect the information in the database. Various causes that can lead to this are missing or weak encryption,software flaws,storing data in the wrong place,etc. An attacker can expose different types of data.