CWE-532
Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
Status: incomplete
Abstraction: base
Likelihood: medium
Common Consequences: confidentiality
Impacts: read application data
Detection Methods: automated static analysis
Potential Mitigations
Phases:
architecture and design
implementation
distribution
operation
Descriptions:
• Remove debug log files before deploying the application into production.
• Adjust configurations appropriately when software is transitioned from a debug state to production.
• Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
• Protect log files against unauthorized read/write.
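The following is an added example, not part of the CWE entry, showing the third mitigation in code: a debug statement that logs a whole request verbatim (the CWE-532 pattern) beside a hardened version that scrubs secret-bearing fields and runs a redacting filter on the message text. The request dictionary, key list and regular expressions are constructed for illustration and are assumptions, not values from the CWE text.

```python
"""Added example (not part of the CWE-532 entry): redacting secrets before they
reach a log file, using only the Python standard library."""
import logging
import re
from io import StringIO

# Constructed sample request, as a web handler might see it (not real data).
SAMPLE_REQUEST = {
    "user": "alice",
    "path": "/api/v1/transfer",
    "headers": {
        "Authorization": "Bearer eyJhbGciOi.EXAMPLE.TOKEN",
        "X-Request-Id": "req-42",
    },
    "body": {"amount": 125.0, "password": "hunter2"},
}

# Assumed list of key names whose values must never be written to a log.
SENSITIVE_KEYS = {
    "authorization", "password", "secret", "token", "api_key", "cookie", "set-cookie",
}


def scrub(value):
    """Recursively replace the value of any sensitive key with a placeholder."""
    if isinstance(value, dict):
        return {
            k: ("[REDACTED]" if k.lower() in SENSITIVE_KEYS else scrub(v))
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value


# Defence in depth: catch secrets that slip into free-form message text.
_PATTERNS = [
    re.compile(r"(?i)(bearer\s+)[a-z0-9._\-]+"),
    re.compile(r"(?i)(password\s*[=:]\s*)\S+"),
]


class RedactingFilter(logging.Filter):
    """Rewrites the fully formatted message before the handler emits it."""

    def filter(self, record):
        msg = record.getMessage()
        for pat in _PATTERNS:
            msg = pat.sub(r"\1[REDACTED]", msg)
        record.msg = msg
        record.args = ()  # message is already formatted; prevent re-formatting
        return True


def build_logger(redact, stream):
    """Build an isolated logger writing to `stream`, optionally with redaction."""
    logger = logging.getLogger(f"cwe532.{'safe' if redact else 'unsafe'}")
    logger.handlers.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if redact:
        handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger


def log_request_unsafe(request):
    """The CWE-532 pattern: debug-log the whole request object verbatim."""
    buf = StringIO()
    log = build_logger(False, buf)
    log.debug("incoming request: %s", request)
    return buf.getvalue()


def log_request_safe(request):
    """Hardened: scrub structured fields, then pass text through the filter."""
    buf = StringIO()
    log = build_logger(True, buf)
    log.debug("incoming request: %s", scrub(request))
    # A careless free-text line; the filter still catches the bearer token.
    log.debug("raw header seen: Authorization: Bearer abc.def.ghi")
    return buf.getvalue()


if __name__ == "__main__":
    print(log_request_unsafe(SAMPLE_REQUEST))
    print(log_request_safe(SAMPLE_REQUEST))
```

The structured scrub is the primary control because it acts on field names and does not depend on guessing what a secret looks like; the regex filter only backs it up for strings built by hand. Identifiers such as the request id survive redaction, so the log stays useful for incident response without carrying credentials.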