Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FR]: Enhance the Privacy and Security for Download Logs when the user is logged out from the Wallet. #2446

Open
ShantanuSharma9873 opened this issue May 21, 2024 · 2 comments
Open

[FR]: Enhance the Privacy and Security for Download Logs when the user is logged out from the Wallet. #2446

ShantanuSharma9873 opened this issue May 21, 2024 · 2 comments
Assignees
@smk762
Labels
opSEC security related feedback/issue

Comments

@ShantanuSharma9873
Copy link
Collaborator

Please describe.
Currently, the download logs feature allows users who have logged out to download logs without reconnecting their wallet. Moreover, if multiple wallets were previously connected, the logs for all those wallets may be downloaded without logging into any of them.

Describe your solution

  • Enhance the privacy and security of the download logs feature to ensure that only authenticated and connected wallet users can access their specific logs.
  • Additionally, ensure that logs from multiple previously connected wallets are not accessible without proper authentication.

Additional context
Downloaded logs when user is logged out
komodo_wallet_log_21.05.2024_20-40-38.txt
@smk762 smk762 added the P0 Blocker / critical defect label Aug 11, 2024
@smk762 smk762 self-assigned this Aug 11, 2024
@smk762 smk762 added the opSEC security related feedback/issue label Aug 11, 2024
@smk762 smk762 removed the P0 Blocker / critical defect label Aug 20, 2024
@smk762
Copy link
Collaborator

smk762 commented Aug 20, 2024

@ShantanuSharma9873 are you sure this issue is not intended for the web wallet?

@ShantanuSharma9873
Copy link
Collaborator Author

ShantanuSharma9873 commented Aug 21, 2024
edited
Loading

Yes @smk762 , this issue is observed on the Web Wallet and still persists.
Please find the attach video attachment and the Downloaded logs when I'm logged out.
Video -
https://github.com/user-attachments/assets/9267313a-12f9-4779-bc0d-4d9cab3b2a0c

Note: The downloaded file is 1,02,629KB, and thus was not able to upload here as it only accepts 25MB max.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@smk762 smk762

Labels
opSEC security related feedback/issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smk762 @ShantanuSharma9873