083 – Avoid logging sensitive data

Summary

The system must not register sensitive information when logging exceptional events.

Description

While event logging is generally a good security practice, the organization must consider that using high logging levels is only appropriate for development environments, since having too much log information in production stages may hinder the performance of a system administrator in detecting abnormal conditions. Furthermore, if sensitive information is recorded in the logs, an attacker that gets access to these can also obtain the information.

Supported In

Advanced: True

References

• CWE-532. Insertion of sensitive information into log file
• CWE-1295. Debug messages revealing unnecessary information
• EPRIVACY-4_1a. Security of processing
• OWASP10-A2. Cryptographic failures
• OWASP10-A3. Injection
• OWASP10-A9. Security logging and monitoring failures
• CPRA-1798_104. Compliance with right to know and disclosure requirements
• CERTJ-IDS06-J. Exclude unsanitized user input from format strings
• CERTJ-FIO13-J. Do not log sensitive information outside a trust boundary
• MITRE-M1029. Remote data storage
• PADSS-1_1_5. Do not store sensitive authentication data on vendor systems
• PADSS-10_2_3. Remote access to customer's payment applications must be implemented securely
• CMMC-AC_L2-3_1_7. Privileged functions
• HITRUST-09_h. Capacity management
• HITRUST-09_ab. Monitoring system use
• WASSEC-6_2_5_2. Information disclosure - Information leakage
• PTES-5_3_2. Vulnerability analysis - Traffic monitoring
• OWASPSCP-7. Error handling and logging
• BSAFSS-LO_2-3. Implement securely logging mechanisms
• ASVS-7_1_1. Log content
• ASVS-7_2_4. Log processing
• CASA-7_1_1. Log Content

Weaknesses

• 059 – Sensitive information stored in logs

Last updated

2023/09/18