CVE-2026-5531
Cleartext Credential Storage in SourceCodester Student Result System
Publication date: 2026-04-05
Last updated on: 2026-04-05
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sourcecodester | student_result_management_system | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
| CWE-313 | The product stores sensitive information in cleartext in a file, or on disk. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves cleartext storage of login credentials in the file /login_credentials.txt, which can be remotely exploited via HTTP GET requests.
To detect this vulnerability on your system, you can check for the existence and contents of the /login_credentials.txt file to see if sensitive information is stored in cleartext.
- Use commands like `cat /path/to/login_credentials.txt` or `grep -i password /path/to/login_credentials.txt` to inspect the file contents.
- Monitor HTTP GET requests to the server for suspicious access patterns targeting /login_credentials.txt.
- Use network monitoring tools or web server logs to identify any remote attempts to access this file.
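The web server log review suggested above, as an added example (not code from the advisory or the vendor): it scans access-log lines for requests to /login_credentials.txt and separates requests that returned the file from those that did not. It assumes the Apache/nginx common or combined log format; the `/srms/` install path and the sample lines are constructed.

```python
import re
from urllib.parse import unquote

TARGET = "/login_credentials.txt"  # file named in the advisory

# Apache/nginx common or combined log format (assumed log layout).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def normalize(target):
    """Reduce a logged request target to a comparable path."""
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query string and fragment
    path = unquote(unquote(path))    # decode, twice to cover double encoding
    path = re.sub(r"/+", "/", path)  # collapse repeated slashes
    return path.lower()              # case-insensitive filesystems serve any casing

def classify(status, size):
    if status in (200, 206) and size > 0:
        return "SERVED"      # file body was returned
    if status in (200, 206, 304):
        return "REACHABLE"   # no body logged (e.g. HEAD), but the file is exposed
    return "NOT_SERVED"      # 403/404 etc.: request recorded, nothing returned

def find_requests(lines):
    """Return one record per logged request for the credentials file."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        # endswith() also covers installs under a subdirectory (assumption).
        if not m or not normalize(m["target"]).endswith(TARGET):
            continue
        size = int(m["size"]) if m["size"].isdigit() else 0
        hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                     "verdict": classify(int(m["status"]), size)})
    return hits

# Constructed sample lines; /srms/ is a hypothetical install path.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Apr/2026:10:12:01 +0000] "GET /srms/login_credentials.txt HTTP/1.1" 200 84 "-" "curl/8.5.0"',
    '198.51.100.23 - - [05/Apr/2026:10:14:40 +0000] "GET /srms/Login%5Fcredentials.TXT?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [05/Apr/2026:10:15:02 +0000] "GET /srms/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [05/Apr/2026:10:16:30 +0000] "HEAD /srms//login_credentials.txt HTTP/1.1" 200 - "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for hit in find_requests(SAMPLE_LOG):
        print(hit)
```

A `SERVED` verdict means the file contents left the server, so the credentials in it should be treated as disclosed.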
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability involves the cleartext storage of sensitive information in the /login_credentials.txt file, which can be accessed remotely. Such insecure storage of credentials can lead to unauthorized access and data breaches.
Cleartext storage of sensitive data typically violates data protection requirements found in common standards and regulations such as GDPR and HIPAA, which mandate the protection of personal and sensitive information through appropriate security measures including encryption.
Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to inadequate protection of user credentials and potential exposure of personal data.
Can you explain this vulnerability to me?
This vulnerability exists in the SourceCodester Student Result Management System 1.0, specifically involving an unknown function related to the file /login_credentials.txt handled by the HTTP GET Request Handler.
The issue allows an attacker to manipulate the system so that sensitive information is stored in cleartext on disk or in a file, which can be accessed remotely.
Because the exploit has been publicly disclosed, attackers may use it to gain unauthorized access to sensitive login credentials.
How can this vulnerability impact me?
The vulnerability can lead to exposure of sensitive login credentials stored in cleartext, making it easier for attackers to obtain and misuse them.
Since the attack can be initiated remotely without authentication, it increases the risk of unauthorized access to the system.
This could result in compromised user accounts, unauthorized data access, and potential further exploitation of the system.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing or securing the /login_credentials.txt file to prevent cleartext storage of sensitive information.
Restrict access permissions to this file so that it is not accessible via HTTP requests or by unauthorized users.
Implement proper credential storage mechanisms, such as hashing passwords instead of storing them in cleartext.
Monitor and block any suspicious remote access attempts targeting this file.