BugCrowd Bug Bounty Disclosure: P3 – Leak of usernames from a private website –

August 21, 2025
Leak of usernames from a private website

Leak of usernames from a private website

Researcher:
Engagement: National Aeronautics and Space Administration (NASA) – Vulnerability Disclosure Program
Disclosed at: 2025-08-20T15:15:27Z
Priority: P3
Status: Resolved

Summary

At the beginning, I analyzed the website’s JavaScript code and found that it stores a lot of information in the local storage, which is not the best place to keep site-related data, especially if it is sensitive. After that, I checked the local storage and found some endpoints, just as I expected from my analysis of the JavaScript file. Among these endpoints, I found data related to the usernames of private users, not for public access. Better luck to everyone.

Activity Feed

Actor Details Timestamp (UTC)
Martin_NASA Martin_NASA published 2025-08-20T15:15:27Z
everythingBlackkkk everythingBlackkkk requested 2025-08-18T17:24:26Z
Brandon Brandon marked the response request as resolved 2025-08-18T15:54:02Z
Brandon Brandon sent a: message 2025-08-18T15:54:01Z
everythingBlackkkk everythingBlackkkk submitted a response request from 2025-08-18T10:22:26Z
lemonade-bugcrowd lemonade-bugcrowd marked the response request as resolved 2025-08-18T10:13:51Z
lemonade-bugcrowd lemonade-bugcrowd sent a: message 2025-08-18T10:13:50Z
everythingBlackkkk everythingBlackkkk submitted a response request from 2025-08-14T20:39:27Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to resolved 2025-08-14T18:29:39Z
Martin_NASA Martin_NASA changed the state to to unresolved 2025-08-08T18:49:12Z
everythingBlackkkk everythingBlackkkk sent a: message 2025-08-04T17:24:19Z
Mason357_Bugcrowd Mason357_Bugcrowd sent a: message 2025-08-04T17:03:49Z
Mason357_Bugcrowd Mason357_Bugcrowd changed the state to to triaged 2025-08-04T17:03:43Z
everythingBlackkkk everythingBlackkkk created the submission 2025-08-03T04:43:57Z

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

Tags: , ,

You may have missed

image

[QILIN] – Ransomware Victim: Nissan CBI

August 21, 2025
image

[INCRANSOM] – Ransomware Victim: Universal Group For Engineering and Consulting

August 21, 2025
image

[QILIN] – Ransomware Victim: Fullerton Surgical Center (FSC)

August 21, 2025
image

[SPACEBEARS] – Ransomware Victim: All Truck Transportation Co

August 21, 2025
image

[SPACEBEARS] – Ransomware Victim: Ambitek

August 21, 2025