Name Log Injection-Tampering-Forging
Summary This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing the attacker to mislead a log audit, cover traces of an attack, or perform other malicious actions. The target host is not properly controlling log access. As a result, tainted data ends up in the log files, leading to a failure in accountability, non-repudiation and incident forensics capability.
Prerequisites The target host logs the actions and data of the user. The target host insufficiently protects access to the logs or logging mechanisms.
Solutions Carefully control access to physical log files. Do not allow tainted data to be written in the log file without prior input validation. Whitelisting may be used to properly validate the data. Use synchronization to control the flow of execution. Use static analysis tools to identify log forging vulnerabilities. Avoid viewing logs with tools that may interpret control characters in the file, such as command-line shells.
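The validation step named under Solutions, shown as an added example that is not part of the original entry: the same constructed user-supplied value is logged once as-is and once with control characters neutralized (CWE-117, CWE-150). The names `neutralize`, `log_login_failure`, `auth-demo` and the sample username are assumptions made for illustration.

```python
import io
import logging
import re

# C0 controls, DEL, C1 controls and the Unicode line/paragraph separators.
# Covers CR/LF (forged records) and ESC (terminal escape sequences).
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")


def neutralize(value: str) -> str:
    """Escape backslashes and control characters so the value stays on one line."""
    value = value.replace("\\", "\\\\")  # keep the escaping unambiguous
    return _CONTROL.sub(lambda m: "\\u{:04x}".format(ord(m.group())), value)


def log_login_failure(username: str, sanitize: bool) -> str:
    """Write one 'login failed' record to an in-memory log and return the log text."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.Logger("auth-demo")  # hypothetical logger name
    logger.addHandler(handler)
    logger.warning("login failed user=%s",
                   neutralize(username) if sanitize else username)
    return stream.getvalue()


def record_count(log_text: str) -> int:
    """Number of records a line-oriented log reader would see."""
    return len(log_text.splitlines())


# Constructed input: the newline starts a forged record, the ESC sequence
# would be interpreted by a terminal used to view the log.
FORGED = "mallory\nINFO login ok user=admin\x1b[31m"

if __name__ == "__main__":
    for sanitize in (False, True):
        text = log_login_failure(FORGED, sanitize)
        print(f"sanitize={sanitize}: {record_count(text)} record(s)")
        print(repr(text))
```

A mismatch between the number of logging calls made and the number of records read back is also a usable audit check for forged entries.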
Related Weaknesses
CWE ID    Description
CWE-75    Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-117   Improper Output Neutralization for Logs
CWE-150   Improper Neutralization of Escape, Meta, or Control Sequences
CWE-713   OWASP Top Ten 2007 Category A2 - Injection Flaws