Common Weakness Enumeration

CWE-532

Allowed

Insertion of Sensitive Information into Log File

Abstraction: Base · Status: Incomplete

The product writes sensitive information to a log file.

1739 vulnerabilities reference this CWE, most recent first.

GHSA-QXMC-P4V9-VCQQ

Vulnerability from github – Published: 2024-01-01 15:30 – Updated: 2024-01-08 18:30
VLAI
Details

The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6064"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-01T15:15:43Z",
    "severity": "HIGH"
  },
  "details": "The PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly-accessible log files containing sensitive information when transactions occur.",
  "id": "GHSA-qxmc-p4v9-vcqq",
  "modified": "2024-01-08T18:30:26Z",
  "published": "2024-01-01T15:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6064"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/423c8881-628b-4380-9677-65b3f5165efe"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R22F-RMV4-8Q7H

Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-18 00:01
VLAI
Details

In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191086488

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-0997"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In handleUpdateNetworkState of GnssNetworkConnectivityHandler.java , there is a possible APN disclosure due to log information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191086488",
  "id": "GHSA-r22f-rmv4-8q7h",
  "modified": "2021-12-18T00:01:19Z",
  "published": "2021-12-16T00:01:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0997"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-R24Q-43J9-J222

Vulnerability from github – Published: 2022-03-31 00:00 – Updated: 2022-04-06 00:01
VLAI
Details

In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-39739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-30T16:15:00Z",
    "severity": "LOW"
  },
  "details": "In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-184525194",
  "id": "GHSA-r24q-43j9-j222",
  "modified": "2022-04-06T00:01:56Z",
  "published": "2022-03-31T00:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39739"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/android-12l"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R2PH-VGMF-8GQH

Vulnerability from github – Published: 2024-11-18 06:30 – Updated: 2024-11-18 18:30
VLAI
Details

AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-52940"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-18T05:15:05Z",
    "severity": "HIGH"
  },
  "details": "AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim\u0027s AnyDesk ID.",
  "id": "GHSA-r2ph-vgmf-8gqh",
  "modified": "2024-11-18T18:30:54Z",
  "published": "2024-11-18T06:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52940"
    },
    {
      "type": "WEB",
      "url": "https://download.anydesk.com/changelog.txt"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ebrasha/abdal-anydesk-remote-ip-detector"
    },
    {
      "type": "WEB",
      "url": "https://x.com/ProfShafiei/status/1850856458017009830"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R33Q-8FQQ-HPHJ

Vulnerability from github – Published: 2022-05-14 02:18 – Updated: 2022-05-14 02:18
VLAI
Details

An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-29T19:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered on Orbic Wonder Orbic/RC555L/RC555L:7.1.2/N2G47H/329100b:user/release-keys devices, allowing attackers to obtain sensitive information (such as text-message content) by reading a copy of the Android log on the SD card. The system-wide Android logs are not directly available to third-party apps since they tend to contain sensitive data. Third-party apps can read from the log but only the log messages that the app itself has written. Certain apps can leak data to the Android log due to not sanitizing log messages, which is in an insecure programming practice. Pre-installed system apps and apps that are signed with the framework key can read from the system-wide Android log. We found a pre-installed app on the Orbic Wonder that when started via an Intent will write the Android log to the SD card, also known as external storage, via com.ckt.mmitest.MmiMainActivity. Any app that requests the READ_EXTERNAL_STORAGE permission can read from the SD card. Therefore, a local app on the device can quickly start a specific component in the pre-installed system app to have the Android log written to the SD card. Therefore, any app co-located on the device with the READ_EXTERNAL_STORAGE permission can obtain the data contained within the Android log and continually monitor it and mine the log for relevant data. In addition, the default messaging app (com.android.mms) writes the body of sent and received text messages to the Android log, as well as the recipient phone number for sent text messages and the sending phone number for received text messages. In addition, any call data contains phone numbers for sent and received calls.",
  "id": "GHSA-r33q-8fqq-hphj",
  "modified": "2022-05-14T02:18:48Z",
  "published": "2022-05-14T02:18:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6599"
    },
    {
      "type": "WEB",
      "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R35R-RM7G-V9M8

Vulnerability from github – Published: 2026-07-01 18:31 – Updated: 2026-07-01 18:31
VLAI
Details

Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-49088"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T17:16:35Z",
    "severity": "MODERATE"
  },
  "details": "Insertion of Sensitive Information into Log File (CWE-532) in Kibana can lead to information disclosure. When the optional application performance monitoring (APM) instrumentation is enabled, sensitive request header values could be recorded in application logs, where they may be accessible to operators with log access.",
  "id": "GHSA-r35r-rm7g-v9m8",
  "modified": "2026-07-01T18:31:54Z",
  "published": "2026-07-01T18:31:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49088"
    },
    {
      "type": "WEB",
      "url": "https://discuss.elastic.co/t/kibana-8-18-9-8-19-6-9-0-8-9-1-6-security-update-esa-2026-50"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R3PR-Q6H2-2WPH

Vulnerability from github – Published: 2024-06-12 18:30 – Updated: 2024-06-12 18:30
VLAI
Details

CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause exposure of SNMP credentials when an attacker has access to the controller logs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-12T17:15:51Z",
    "severity": "MODERATE"
  },
  "details": "CWE-532: Insertion of Sensitive Information into Log File vulnerability exists that could cause\nexposure of SNMP credentials when an attacker has access to the controller logs.",
  "id": "GHSA-r3pr-q6h2-2wph",
  "modified": "2024-06-12T18:30:41Z",
  "published": "2024-06-12T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5557"
    },
    {
      "type": "WEB",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-163-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-163-04.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R47R-87P9-8JH3

Vulnerability from github – Published: 2023-03-23 21:30 – Updated: 2023-03-28 18:05
VLAI
Summary
Spring Vault vulnerable to insertion of sensitive information into a log file
Details

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.vault:spring-vault-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework.vault:spring-vault-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-20859"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-03-23T23:11:08Z",
    "nvd_published_at": "2023-03-23T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token.",
  "id": "GHSA-r47r-87p9-8jh3",
  "modified": "2023-03-28T18:05:35Z",
  "published": "2023-03-23T21:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20859"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-vault"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2023-20859"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Vault vulnerable to insertion of sensitive information into a log file"
}

GHSA-R54G-49RX-98CR

Vulnerability from github – Published: 2026-02-03 17:37 – Updated: 2026-02-03 19:44
VLAI
Summary
RustFS Logs Sensitive Credentials in Plaintext
Details

Summary

RustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This vulnerability is classified as an information disclosure issue (CWE-532).

Details

The server writes newly generated STS credential information including the access key, secret key, and session token to logs. The following excerpts from application logs demonstrate this:

[2026-01-17 09:13:23.127767 +11:00] INFO [rustfs::admin::handlers::sts] [rustfs/src/admin/handlers/sts.rs:138] [rustfs-worker:ThreadId(4)] AssumeRole get new_cred Credentials { access_key: "5UGH6TM44IPA81AH1WZE", secret_key: "3BQ-KnO_iB5ovmd5SU4wIK6sFfaPTliftvQ_iNLS", session_token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE3Njg2NDQ4MDMsInBhcmVudCI6InJ1c3Rmc2FkbWluIn0.F9ZhARXyU0cB6QoFMElKK5tns_RFQM9WlpMiGVuuDOpOfNrbEKE_9IK1oaJ_yqDsBlK115uYOcQcGohjgUPhOQ", expiration: Some(2026-01-17 10:13:23.0 +00:00:00), status: "on", parent_user: "rustfsadmin", groups: None, claims: None, name: None, description: None }

By inspecting logs, an attacker or unauthorized internal user with access to logs could retrieve these credentials and use them to authenticate to RustFS services or perform other unauthorized actions.

Impact

  • Information Exposure: Plaintext authentication credentials appear in log files that may be retained, backed up, or forwarded to centralized logging systems.
  • Credential Compromise: Access keys, secret keys, and session tokens may be used by unauthorized individuals to authenticate to RustFS services or hijack sessions.
  • Insider Threat: Even users with limited access who can read logs may gain elevated access if they retrieve credential material.
  • Compliance Risk: Logging sensitive authentication material may violate organizational policies and industry compliance standards (e.g., PCI-DSS, SOC2, ISO 27001) that forbid exposure of authentication secrets in logs

Remediation

  • Do not include secrets in log output — redact secret_key, session_token, and similar fields.
  • Log only safe identifiers such as non-sensitive IDs (e.g., parent_user, trace ID).
Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.0-alpha.81"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "rustfs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-alpha.13"
            },
            {
              "fixed": "1.0.0-alpha.82"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-03T17:37:33Z",
    "nvd_published_at": "2026-02-03T16:16:14Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nRustFS logs sensitive credential material (access key, secret key, session token) to application logs at INFO level. This results in credentials being recorded in plaintext in log output, which may be accessible to internal or external log consumers and could lead to compromise of sensitive credentials. This vulnerability is classified as an information disclosure issue (CWE-532).\n\n### Details\nThe server writes newly generated STS credential information including the access key, secret key, and session token to logs. The following excerpts from application logs demonstrate this:\n\n```\n[2026-01-17 09:13:23.127767 +11:00] INFO [rustfs::admin::handlers::sts] [rustfs/src/admin/handlers/sts.rs:138] [rustfs-worker:ThreadId(4)] AssumeRole get new_cred Credentials { access_key: \"5UGH6TM44IPA81AH1WZE\", secret_key: \"3BQ-KnO_iB5ovmd5SU4wIK6sFfaPTliftvQ_iNLS\", session_token: \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJleHAiOjE3Njg2NDQ4MDMsInBhcmVudCI6InJ1c3Rmc2FkbWluIn0.F9ZhARXyU0cB6QoFMElKK5tns_RFQM9WlpMiGVuuDOpOfNrbEKE_9IK1oaJ_yqDsBlK115uYOcQcGohjgUPhOQ\", expiration: Some(2026-01-17 10:13:23.0 +00:00:00), status: \"on\", parent_user: \"rustfsadmin\", groups: None, claims: None, name: None, description: None }\n```\nBy inspecting logs, an attacker or unauthorized internal user with access to logs could retrieve these credentials and use them to authenticate to RustFS services or perform other unauthorized actions.\n\n### Impact\n- Information Exposure: Plaintext authentication credentials appear in log files that may be retained, backed up, or forwarded to centralized logging systems.\n- Credential Compromise: Access keys, secret keys, and session tokens may be used by unauthorized individuals to authenticate to RustFS services or hijack sessions.\n- Insider Threat: Even users with limited access who can read logs may gain elevated access if they retrieve credential material.\n- Compliance Risk: Logging sensitive authentication material may violate organizational policies and industry compliance standards (e.g., PCI-DSS, SOC2, ISO 27001) that forbid exposure of authentication secrets in logs\n\n### Remediation\n- Do not include secrets in log output \u2014 redact secret_key, session_token, and similar fields.\n- Log only safe identifiers such as non-sensitive IDs (e.g., parent_user, trace ID).",
  "id": "GHSA-r54g-49rx-98cr",
  "modified": "2026-02-03T19:44:18Z",
  "published": "2026-02-03T17:37:33Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/rustfs/rustfs/security/advisories/GHSA-r54g-49rx-98cr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24762"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/rustfs/rustfs"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "RustFS Logs Sensitive Credentials in Plaintext"
}

GHSA-R576-65CC-Q67J

Vulnerability from github – Published: 2022-11-10 12:01 – Updated: 2022-11-10 19:01
VLAI
Details

Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-39893"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-09T22:15:00Z",
    "severity": "LOW"
  },
  "details": "Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.",
  "id": "GHSA-r576-65cc-q67j",
  "modified": "2022-11-10T19:01:05Z",
  "published": "2022-11-10T12:01:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39893"
    },
    {
      "type": "WEB",
      "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022\u0026month=11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.

Mitigation
Distribution

Remove debug log files before deploying the application into production.

Mitigation
Operation

Protect log files against unauthorized read/write.

Mitigation
Implementation

Adjust configurations appropriately when software is transitioned from a debug state to production.

CAPEC-215: Fuzzing for application mapping

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.