Logging sensitive objects to console
Sensitive objects (including auth/session and account-derived data) were logged to the browser console, leaking information to anyone with developer tools open or to remote-debug environments.
Description
The frontend passed sensitive runtime objects to console.log, including session data and account-derived user data. While not directly exploitable, this leaks information to anyone observing the console (including pair sessions, screen recordings, remote-debug bridges, or third-party scripts that hook the console API).
Impact
Informational. Lowers the threshold for opportunistic information leakage.
Recommendation
Remove sensitive console.log calls from production builds. Use a structured logger that drops sensitive fields by default and ships to a controlled telemetry destination, not the browser console.
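One way to build the logger this recommendation describes, as an added example rather than the audited project's code. The key-name pattern, createLogger, redact and the sink callback are assumptions made for illustration, and the session object is constructed sample data.

```javascript
// Added example: names and the key pattern are assumptions, not project code.
const SENSITIVE_KEY =
  /(token|secret|password|session|cookie|authorization|private.?key|mnemonic|email)/i;

// Return a deep copy of `value` with the values of sensitive keys replaced.
// Objects already visited (cycles or repeated references) become a marker.
function redact(value, seen = new WeakSet()) {
  if (value === null || typeof value !== "object") return value;
  if (seen.has(value)) return "[circular]";
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  for (const [key, v] of Object.entries(value)) {
    out[key] = SENSITIVE_KEY.test(key) ? "[redacted]" : redact(v, seen);
  }
  return out;
}

// Logger that redacts every record and hands it to `sink`, for instance a
// function that POSTs to a controlled telemetry endpoint. It never writes
// to the browser console.
function createLogger(sink) {
  const emit = (level) => (event, fields = {}) =>
    sink({ ts: new Date().toISOString(), level, event, fields: redact(fields) });
  return { info: emit("info"), warn: emit("warn"), error: emit("error") };
}

// Constructed sample: the kind of object the finding describes.
function demo() {
  const shipped = [];
  const log = createLogger((record) => shipped.push(record));
  const sessionState = {
    user: { id: 42, email: "alice@example.test", plan: "pro" },
    accessToken: "constructed-sample-token",
    session: { id: "constructed-session-id" },
    route: "/dashboard",
  };
  sessionState.self = sessionState; // a cycle must not break logging
  log.info("login_complete", sessionState);
  return shipped;
}
```

Redaction here is keyed on field names only, so a secret embedded in a free-text string value passes through; an allow-list of known-safe fields is the stricter variant.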
Ipal Network: Confirmed. Zealynx: Fixed.