
CWE-532

Insertion of Sensitive Information into Log File

Abstraction: Base
Status: Incomplete

Description

The product writes sensitive information to a log file.

Common Consequences

Scope

Confidentiality

Impact

Read Application Data

Potential Mitigations

Architecture and Design
Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Distribution

Remove debug log files before deploying the application into production.

Operation

Protect log files against unauthorized read/write.

Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.
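The mitigations above come down to one rule: secrets must be stripped before a log record reaches any handler. The following is an added example (not MITRE's code or part of the CWE entry) showing the weakness and one mitigation in Python's standard logging module. A hypothetical login handler logs a whole request dict in debug mode, which is the CWE-532 pattern; a logging filter then redacts the values of sensitive keys before they are written. The key list, the regular expressions and the sample request are constructed assumptions for this illustration, not an exhaustive detector.

```python
import io
import logging
import re

# Constructed list of field names whose values must never reach a log line.
# In a real service this comes from the application's own data model.
SENSITIVE_KEYS = (
    "password", "passwd", "secret", "token", "api_key",
    "authorization", "private_key",
)

# "key=value", "key: value" and "'key': 'value'" pairs. The value may be a
# bearer token, a quoted string, or a bare token. Illustrative, not exhaustive;
# the patterns deliberately err toward over-redaction.
_KV_PATTERN = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")\b"
    r"(['\"]?\s*[=:]\s*)"
    r"(Bearer\s+\S+|\"[^\"]*\"|'[^']*'|[^\s,;]+)"
)
# Bare "Bearer <token>" anywhere in the message, with no key in front of it.
_BEARER_PATTERN = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9\-._~+/]+=*")


def redact(text: str) -> str:
    """Replace secret values with a fixed marker; the key is kept so the log stays debuggable."""
    text = _KV_PATTERN.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)
    return _BEARER_PATTERN.sub("Bearer [REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Rewrites the fully formatted message before any handler emits it.

    The message is rendered first (msg % args) and then redacted as a whole,
    so a '%s' placeholder whose argument is a secret is caught too, and the
    handler never sees the original args.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def build_logger(name: str, redacting: bool):
    """Return a logger writing to an in-memory buffer, optionally with the redacting filter."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if redacting:
        # Attaching the filter to the handler covers every record it writes.
        handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger, buf


def login_attempt_log(redacting: bool) -> str:
    """Simulate the CWE-532 pattern: a verbose login handler logs the whole request."""
    logger, buf = build_logger(f"cwe532.demo.{redacting}", redacting)
    # Constructed sample request; the credential and token are fake.
    request = {
        "user": "alice",
        "password": "hunter2",
        "authorization": "Bearer eyJhbGciOi.example",
    }
    logger.debug("login request: %s", request)            # dumps the dict, secrets included
    logger.info("user=%s password=%s", request["user"], request["password"])
    return buf.getvalue()


if __name__ == "__main__":
    print("--- without filter (CWE-532) ---")
    print(login_attempt_log(redacting=False), end="")
    print("--- with RedactingFilter ---")
    print(login_attempt_log(redacting=True), end="")
```

The filter is a last line of defense, not a substitute for not logging the request object in the first place: a key the list does not name will still leak. Pair it with a review of what each debug statement emits, and with the file-permission and deployment controls listed under Distribution and Operation.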

Observed Examples

CVE-2017-9615

verbose logging stores admin credentials in a world-readable log file

CVE-2018-1999036

SSH password for private key stored in build log

Applicable Platforms

Not Language-Specific
