CWE-532 - Insertion of Sensitive Information into Log File
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2024-11-19
Weakness Name
Insertion of Sensitive Information into Log File
Description
The product writes sensitive information to a log file.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: Logging sensitive user data, full path names, or system information often provides attackers with an additional, less-protected path to acquiring the information.
Related Weaknesses
CWE-200Exposure of Sensitive Information to an Unauthorized ActorHigh
CWE-538Insertion of Sensitive Information into Externally-Accessible File or Directory