generated from MicrosoftDocs/swa-template
Open
Labels
bug (Something isn't working)
Description
Describe the bug
The application stores and logs full credit card numbers and CVV codes. Debug output exposes sensitive user information, and admin credentials are hardcoded and displayed in security audit logs. This results in sensitive data exposure.
To Reproduce
- Create or view a payment in the application
- Observe that credit card number and CVV are stored and logged
- Run the security audit and see admin credentials displayed
- Review debug logs for exposure of sensitive user info
Expected behavior
Sensitive data (credit cards, CVV, credentials) must never be logged or stored in plaintext. Admin credentials should not be hardcoded or exposed.
Additional context
Security issues provided intentionally for learning.
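One way to meet the expected behavior for logs, as an added example that is not code from this repository: a redaction step applied to every object before it is written to a log. The application's code is not shown on this page, so JavaScript, the field names (`cardNumber`, `cvv`, `password`) and the sample payment are assumptions constructed for illustration.

```javascript
// Added example: key names and sample values are constructed, not taken from the application.
const SENSITIVE_KEY = /cvv|cvc|password|passwd|secret|token/i;
// 13-19 digits, optionally separated by single spaces or hyphens.
const PAN_CANDIDATE = /\b(?:\d[ -]?){12,18}\d\b/g;

// Luhn checksum separates card numbers from other long digit runs (order ids, timestamps).
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// Replace every Luhn-valid candidate in free text with a mask that keeps the last four digits.
function maskPan(text) {
  return text.replace(PAN_CANDIDATE, (match) => {
    const digits = match.replace(/\D/g, "");
    return luhnValid(digits) ? "*".repeat(digits.length - 4) + digits.slice(-4) : match;
  });
}

// Walk a value recursively: drop values under sensitive keys, mask card numbers elsewhere.
function redactForLog(value, key = "") {
  if (SENSITIVE_KEY.test(key)) return "[REDACTED]";
  if (typeof value === "string") return maskPan(value);
  if (typeof value === "number") {
    const masked = maskPan(String(value));
    return masked === String(value) ? value : masked;
  }
  if (Array.isArray(value)) return value.map((v) => redactForLog(v));
  if (value && typeof value === "object") {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, redactForLog(v, k)]));
  }
  return value;
}

// Constructed sample input (4111 1111 1111 1111 is a well-known test card number).
const samplePayment = {
  user: "alice", cardNumber: "4111-1111-1111-1111", cvv: "123",
  note: "retry for card 4111111111111111", orderId: "1234567890123456",
  admin: { password: "example-only" },
};

// The only function that should touch the logger: it serializes the redacted copy.
function safeLog(event, data) {
  return JSON.stringify({ event, data: redactForLog(data) });
}
```

This covers log output only; the stored record needs its own handling, and the CVV should not be persisted at all.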