Sensitive information stored in logs
Description
The system stores sensitive information such as credentials, bank accounts and file paths in log files.
Impact
Obtain sensitive information that may compromise system resources.
Recommendation
Verify that the information stored in logs is not sensitive.
Threat
Authorized local attacker with access to the log files.
Expected Remediation Time
⏱️ 30 minutes.
Requirements
083 - Avoid logging sensitive dataScore
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
L
Attack complexity
L
Attack requirements
N
Privileges required
H
User interaction
N
Confidentiality (VC)
L
Integrity (VI)
N
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N