CWE WEAKNESSES / CWE-221
CWE-221
Information Loss or Omission
Class
What it is
The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.
Impact
| Non-Repudiation | Hide Activities |
Real-world CVE examples
- CVE-2004-2227 — Web browser's filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous exte
- CVE-2003-0412 — application server does not log complete URI of a long request (truncation).
- CVE-1999-1029 — Login attempts are not recorded if the user disconnects before the maximum number of tries.
- CVE-2002-0725 — Attacker performs malicious actions on a hard link to a file, obscuring the real target file.
- CVE-1999-1055 — Product does not warn user when document contains certain dangerous functions or macros.
Related weaknesses
Test & detect
Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.
Source: MITRE CWE. View on cwe.mitre.org →