Status: Incomplete
Weakness ID: 532 (Weakness Variant)

Description Summary
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker.

Potential Mitigations
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Protect log files against unauthorized read/write.

Demonstrative Examples
In the following code snippet, a user's full name and credit card number are written to a log file.

Java Example:
logger.info("Username: " + username + ", CCN: " + ccn);
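The following is an added example, not part of the CWE entry: one way to apply the "do not write secrets into the log files" mitigation to the logging call above, by masking card numbers before any handler sees the record. It assumes java.util.logging; the class name, logger name and sample values are hypothetical.

```java
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class RedactingLogDemo {
    // Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
    private static final Pattern PAN = Pattern.compile("\\b\\d(?:[ -]?\\d){12,18}\\b");

    // Luhn checksum, so order ids and timestamps are not masked by mistake.
    static boolean luhn(String digits) {
        int sum = 0;
        boolean dbl = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (dbl) { d *= 2; if (d > 9) d -= 9; }
            sum += d;
            dbl = !dbl;
        }
        return sum % 10 == 0;
    }

    // Replace each Luhn-valid candidate with a mask that keeps only the last four digits.
    static String redact(String msg) {
        Matcher m = PAN.matcher(msg);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String digits = m.group().replaceAll("[ -]", "");
            String repl = luhn(digits)
                    ? "[CCN ****" + digits.substring(digits.length() - 4) + "]"
                    : m.group();
            m.appendReplacement(out, Matcher.quoteReplacement(repl));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        Logger logger = Logger.getLogger("payments");   // hypothetical logger name
        // The logger's Filter runs before its handlers, so the raw value is never written.
        logger.setFilter(record -> {
            record.setMessage(redact(record.getMessage()));
            return true;
        });
        String username = "jdoe";                // constructed sample value
        String ccn = "4111 1111 1111 1111";      // constructed test number, not a real card
        logger.info("Username: " + username + ", CCN: " + ccn);  // card number is masked
        logger.info("Order 1234567890123 accepted");              // fails Luhn, left unchanged
    }
}
```

The filter only rewrites the message string of records logged on this logger; record parameters, exception text and records from child loggers need the same treatment (for example by setting the filter on each Handler). Masking is a backstop, and the log file still needs the read/write protection listed under Potential Mitigations.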
Relationships
Taxonomy Mappings
Time of Introduction
Architecture and Design
Implementation
Operation

Content History
Submissions
Anonymous Tool Vendor (under NDA). (Externally Mined)
Modifications
Sean Eidemiller. Cigital. 2008-07-01. (External) added/updated demonstrative examples
Eric Dalci. Cigital. 2008-07-01. (External) updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Relationships, Taxonomy_Mappings