debug.log File Exposure that exposes (user/████) username and password at █████████
Team Summary
Official summary from Mars
Summary: Hello Team, I have discovered a debug.log file exposure vulnerability at █████████ . This vulnerability allows an attacker to view potentially sensitive information, including the (user/██████) username and password.

Details: The vulnerability is present at █████ of the application. When a user accesses the debug.log file, the application displays detailed information about the server, error messages and debugging information. In this case, the debug.log file contains the (user/██████) username and password, which can be used by an attacker to gain unauthorised access to the application.

Steps To Reproduce:
1. Access the debug.log file by navigating to ███████ .
2. Observe that the file is accessible and contains sensitive information. You can see the screenshot below.

Recommendation: To mitigate this vulnerability, it is recommended that you remove or restrict access to the debug.log file. This can be achieved by deleting the file, renaming it to a less obvious name, or configuring the web server to restrict access to the file. In addition, it is recommended that all exposed (user/█████) credentials be changed immediately to prevent unauthorised access.

Impact: An attacker can exploit this vulnerability to gain unauthorised access to the application using the exposed █████████ credentials. This can result in a loss of confidentiality, integrity, and availability for the affected users.

Please let me know if you require any further information or assistance.

Kind regards,
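As an added example, not part of the report above and not the affected program's own configuration: an nginx server block that implements the "configure the web server to restrict access" recommendation by refusing direct HTTP requests for debug.log and any other .log file under the document root. The hostname, web root and the location of the log file are assumptions, since the report redacts them.

```nginx
# Added example (not from the report): deny direct HTTP access to debug.log
# and any other *.log file under the document root. Hostname and paths are
# assumptions; the report redacts the real ones.
server {
    listen 80;
    server_name example.com;          # assumption: the affected host
    root /var/www/app;                # assumption: the application's web root

    # Weak (default) behaviour that produces the exposure: any file under
    # root, including debug.log, is served as a static asset when requested.
    #
    # location / { try_files $uri $uri/ =404; }

    # Fix: regex locations are evaluated before the prefix location below,
    # so a request for /debug.log (or /any/path/app.log) never reaches
    # try_files. 404 rather than 403 avoids confirming the file exists.
    location ~* \.log$ {
        return 404;
    }

    # Same class of exposure: dotfiles such as .env or .git in the web root.
    location ~ /\. {
        return 404;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

After reloading, `curl -sI https://example.com/debug.log` should return 404 where it previously returned 200 with the file body. The Apache equivalent is `<FilesMatch "\.log$"> Require all denied </FilesMatch>` in the vhost or an .htaccess file. Blocking the URL does not undo the disclosure: as the report recommends, the exposed credentials still need to be rotated, and the log should be moved outside the document root (or logging to a web-accessible path disabled) so a later misconfiguration cannot re-expose it.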
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cleartext Storage of Sensitive Information