CWE-532β€”Insertion of Sensitive Information into Log File

PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2025-12-11
CWE-532 - Insertion of Sensitive Information into Log File - Diagram

Metadata

CWE ID:
CWE-532
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Insertion of Sensitive Information into Log File

Description

The product writes sensitive information to a log file.

Common Consequences

Scope:
Confidentiality
Impact:
Read Application Data
Notes:
Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.

Related Weaknesses