CWE-778Insufficient Logging

PUBLISHEDweakness recordMedium
released 2009-07-27 · last modified 2025-12-11

Metadata

CWE ID:
CWE-778
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2009-07-27
更新日期:
2025-12-11

名称

Insufficient Logging

描述

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds. As organizations adopt cloud storage resources, these technologies often require configuration changes to enable detailed logging information, since detailed logging can incur additional costs. This could lead to telemetry gaps in critical audit logs. For example, in Azure, the default value for logging is disabled.

常见后果

范围:
Non-Repudiation
影响:
Hide Activities
注释:
If security critical information is not recorded, there will be no trail for forensic analysis and discovering the cause of problems or the source of attacks may become more difficult or impossible.

相关 CWE