Sensitive information stored in logs | Fluid Attacks Database

Database

Description

The system stores sensitive information such as credentials, bank accounts and file paths in log files.

Impact

Obtain sensitive information that may compromise system resources.

Recommendation

Verify that the information stored in logs is not sensitive.

Threat

Authorized local attacker with access to the log files.

Expected Remediation Time

⏱️ 30 minutes.

Requirements

083 - Avoid logging sensitive data 322 - Avoid excessive logging

Rules

Go Sensitive Information In Logs Scala Logging Of Sensitive Data Python Fastapi Sensitive Data Logging Javascript Pino Sensitive Information In Logs Java Sensitive Information In Slf4j Log Typescript Winston Sensitive Information In Logs Javascript Bunyan Sensitive Information In Logs Typescript Bunyan Sensitive Information In Logs C Sharp Sensitive Information In Logs Typescript Pino Sensitive Information In Logs Python Django Sensitive Data Logging Javascript Log4js Sensitive Information In Logs Javascript Winston Sensitive Information In Logs Ruby Sensitive Information In Logger Typescript Log4js Sensitive Information In Logs Java Sensitive Information In Log4j Log Python Flask Sensitive Data Logging Php Sensitive Information Stored In Log Python Starlette Sensitive Data Logging

Fixes

Csharp Dart Go Java JavaScript/TypeScript Php Python Ruby Scala