CWE-532βInsertion of Sensitive Information into Log File
PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-532
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2025-12-11
Weakness Name
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Common Consequences
- Scope:
- Confidentiality
- Impact:
- Read Application Data
- Notes:
- Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.