This is a simple POC that demonstrates how Sunbird stores messages in clear text, in Firebase Realtime DB, until they are ultimately stored on the user device. You can login with your Sunbird credentials and you'll see your messages appear in real time.
We've compiled our findings in this blog post if you are curious about the details on how this works.
- Data in Transit Vulnerability
- Data at Rest Vulnerability
- Implementation Vulnerability
- Insider Threat Vulnerability
You can do whatever you want with it. It was mostly written by ChatGPT.