CWE-223

Omission of Security-relevant Information

Base

What it is

The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.

Impact

Non-Repudiation

Hide Activities

Real-world CVE examples

CVE-1999-1029 — Login attempts are not recorded if the user disconnects before the maximum number of tries.
CVE-2002-1839 — Sender's IP address not recorded in outgoing e-mail.
CVE-2000-0542 — Failed authentication attempts are not recorded if later attempt succeeds.

Related weaknesses

CWE-221 (childof)

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →