CWE-532: Insertion of Sensitive Information into Log File
Abstraction: Base | Likelihood of exploit: Medium
What it is
The product writes sensitive information to a log file.
Impact
| Scope | Technical impact |
| --- | --- |
| Confidentiality | Read Application Data |
Mitigations
- [Architecture and Design, Implementation] Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
- [Distribution] Remove debug log files before deploying the application into production.
- [Operation] Protect log files against unauthorized read/write.
- [Implementation] Adjust configurations appropriately when software is transitioned from a debug state to production.
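The first and third mitigations above can be enforced in code rather than left to reviewer discipline. The following added example (not from the CWE entry or MITRE; written here for illustration) shows, using Python's standard logging module, a logger that writes credentials verbatim beside one fitted with a redacting filter, plus a file handler that creates the log with owner-only permissions. The sensitive key names, the bearer-token pattern and the sample login message are constructed assumptions for the demo.

```python
import io
import logging
import os
import re
import stat
import tempfile

# Constructed list of field names whose values must never reach a log file.
# Which names matter is an assumption for this demo; tailor it to the application.
SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "api_key", "private_key")
_KV_RE = re.compile(r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")\s*[=:]\s*(\S+)")
_BEARER_RE = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._\-]+")


def redact(text: str) -> str:
    """Replace secret values with a fixed mask; the key name is kept so the log stays useful."""
    text = _KV_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)
    return _BEARER_RE.sub("Bearer [REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Scrub the fully rendered message before any handler gets to write it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # message is already rendered; prevent a second % substitution
        return True


def build_logger(name: str, stream: io.StringIO, redacting: bool) -> logging.Logger:
    """Logger writing to an in-memory stream; 'redacting' toggles the mitigation."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if redacting:
        logger.addFilter(RedactingFilter())
    return logger


def login_attempt(logger: logging.Logger, user: str, password: str, auth_header: str) -> None:
    # The CWE-532 pattern: a debug statement that interpolates a credential and a token.
    logger.debug("login user=%s password=%s auth=%s", user, password, auth_header)


def demo(redacting: bool) -> str:
    """Run the same login log line with or without the filter and return what was written."""
    buf = io.StringIO()
    logger = build_logger(f"cwe532-demo-{redacting}", buf, redacting)
    # Constructed sample credential and token; not real values.
    login_attempt(logger, "alice", "hunter2", "Bearer eyJhbGciOi.fake.sig")
    return buf.getvalue()


def secure_log_handler(path: str) -> logging.FileHandler:
    """Create the log file with mode 0600 before logging opens it ([Operation] mitigation).
    Relying on the process umask is not enough: a permissive umask leaves the file world-readable."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    os.close(fd)
    os.chmod(path, 0o600)  # tighten an already-existing file as well
    return logging.FileHandler(path)


def secure_log_mode() -> int:
    """Create a log file in a temp dir via secure_log_handler and return its permission bits."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "app.log")
        handler = secure_log_handler(path)
        handler.close()
        return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    print("unmitigated:", demo(False), end="")
    print("mitigated:  ", demo(True), end="")
    print("log file mode:", oct(secure_log_mode()))
```

A logger-level filter like this is a safety net, not a substitute for the first mitigation: structured secrets should be kept out of log calls entirely, and the pattern list must be revisited whenever new credential-bearing fields appear.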
Real-world CVE examples
- CVE-2017-9615 — verbose logging stores admin credentials in a world-readable log file
- CVE-2018-1999036 — SSH password for private key stored in build log
Related weaknesses
Source: MITRE CWE (cwe.mitre.org).