Information Loss or Omission

Status: Incomplete
Abstraction: Class
Structure: Simple
Description

This weakness occurs when an application fails to record security-relevant information, or records it inaccurately, so that decisions based on the log are wrong and later incident investigation is hampered.

Extended Description

When a system does not capture key events such as authentication failures, access violations, or rejected input, security teams lose the visibility needed to detect and respond to attacks. The resulting blind spots make it hard to establish an attack's origin, method, and impact, and weaken the overall security posture. The weakness can also be a side effect of another flaw: a severe bug such as a buffer overflow may crash the process before it writes any log entry about the anomalous event, so the root cause stays hidden, forensic analysis is complicated, and the fix for the underlying flaw is delayed. The weakness covers both omission (an event is never recorded) and inaccuracy (an event is recorded incompletely, for example truncated, or in a form that misrepresents what happened).

Common Consequences
Scope: Non-Repudiation

Impact: Hide Activities

Demonstrative Examples

ID : DX-174

This code is meant to log suspicious repeated login attempts.

Code Example (Bad, PHP):

This code only writes a log entry for failed login attempts once a set limit is reached. An attacker who knows the limit can stay below it, so the attempts never appear in the log and the attack is not discovered. Logging should record every failure; the threshold belongs to the lockout or alerting decision, not to whether the event is recorded at all.

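The weakness the example describes, beside the corrected form, as an added Python example; it is not the page's PHP listing. The credential store, the attacker's guess list, and the `FAILURE_LOG_THRESHOLD` and `WINDOW_SECONDS` constants are constructed for the demonstration. The page's listing names no time window; the assumption here is that the failure counter only looks back over a fixed interval, which is what gives an attacker who knows the limit a way to stay under it.

```python
import hashlib
import hmac
from collections import deque

# Constructed credential store: username -> SHA-256 of the password. Demo
# only; a real service uses a salted, slow password hash.
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}

# Assumed values mirroring the page's PHP listing: the weak handler writes a
# log line only once a user has this many failures inside the window.
FAILURE_LOG_THRESHOLD = 3
WINDOW_SECONDS = 300


class AuthService:
    def __init__(self, log_every_failure: bool):
        self.log_every_failure = log_every_failure  # False reproduces the weakness
        self.recent_failures = {}                   # username -> deque of timestamps
        self.log = []                               # captured audit log lines

    def login(self, username: str, password: str, src_ip: str, now: int) -> bool:
        digest = hashlib.sha256(password.encode()).hexdigest()
        expected = USERS.get(username)
        if expected is not None and hmac.compare_digest(digest, expected):
            self.recent_failures.pop(username, None)
            self.log.append(f"ts={now} LOGIN_OK user={username} src={src_ip}")
            return True
        window = self.recent_failures.setdefault(username, deque())
        while window and now - window[0] > WINDOW_SECONDS:
            window.popleft()                        # forget failures outside the window
        window.append(now)
        count = len(window)
        # The only difference between the two configurations is this condition:
        # the weak handler ties *recording* the event to the lockout threshold.
        if self.log_every_failure or count >= FAILURE_LOG_THRESHOLD:
            self.log.append(
                f"ts={now} LOGIN_FAIL user={username} src={src_ip} recent_failures={count}"
            )
        return False


# Constructed guess list and source address for the attacker simulations.
GUESSES = ["password", "123456", "qwerty", "letmein", "alice1", "hunter2"]
ATTACKER_IP = "198.51.100.7"


def logged_failures(service: AuthService) -> int:
    return sum(1 for line in service.log if "LOGIN_FAIL" in line)


def burst_attack(service: AuthService) -> int:
    """Naive attacker: all guesses one second apart, so the threshold fires."""
    for i, guess in enumerate(GUESSES):
        service.login("alice", guess, ATTACKER_IP, now=i)
    return logged_failures(service)


def low_and_slow_attack(service: AuthService) -> int:
    """Attacker who knows the limit: never more than THRESHOLD-1 failures
    inside one window, then waits for the window to expire before continuing."""
    now, in_window = 0, 0
    for guess in GUESSES:
        if in_window == FAILURE_LOG_THRESHOLD - 1:
            now += WINDOW_SECONDS + 1
            in_window = 0
        service.login("alice", guess, ATTACKER_IP, now)
        in_window += 1
        now += 1
    return logged_failures(service)


def compare(attack) -> tuple[int, int]:
    """(failures logged by the weak handler, failures logged by the fixed one)."""
    weak = attack(AuthService(log_every_failure=False))
    fixed = attack(AuthService(log_every_failure=True))
    return weak, fixed


if __name__ == "__main__":
    print("burst        weak/fixed:", compare(burst_attack))         # (4, 6)
    print("low-and-slow weak/fixed:", compare(low_and_slow_attack))  # (0, 6)
```

Running the block prints the counts for both strategies. The burst attacker is visible in both configurations, but the weak handler records nothing at all for the attacker who paces guesses under the limit, while the fixed handler records all six failures and leaves the threshold to drive lockout rather than logging.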
Observed Examples
  • CVE-2004-2227: Web browser's filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.
  • CVE-2003-0412: Application server does not log the complete URI of a long request (truncation).
  • CVE-1999-1029: Login attempts are not recorded if the user disconnects before the maximum number of tries.
  • CVE-2002-0725: Attacker performs malicious actions on a hard link to a file, obscuring the real target file.
  • CVE-1999-1055: Product does not warn the user when a document contains certain dangerous functions or macros.
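The truncation failure mode listed above for CVE-2003-0412, beside a logger that keeps the full value, as an added Python example that is not code from the page or from the affected product. The field width `MAX_URI_FIELD`, the record format, the request id and the sample URI are all constructed for the demonstration.

```python
import hashlib

# Assumed fixed width of the URI field in a log record; this reproduces the
# silent truncation described for CVE-2003-0412.
MAX_URI_FIELD = 64

# Constructed request: benign-looking prefix, traversal payload past the cut.
LONG_URI = "/index.html?" + "a" * 70 + "&file=../../../etc/passwd"


def log_truncated(method: str, uri: str) -> str:
    """Weak logger: drops everything past MAX_URI_FIELD without any marker."""
    return f"{method} {uri[:MAX_URI_FIELD]}"


def log_complete(method: str, uri: str, req_id: str) -> list[str]:
    """Corrected logger: nothing is dropped. A long URI becomes a header record
    plus continuation records tagged with the request id, total length and a
    digest, so the full value can be reassembled and checked for completeness."""
    digest = hashlib.sha256(uri.encode()).hexdigest()
    chunks = [uri[i:i + MAX_URI_FIELD] for i in range(0, len(uri), MAX_URI_FIELD)] or [""]
    records = [f"req={req_id} method={method} len={len(uri)} parts={len(chunks)} sha256={digest}"]
    records += [f"req={req_id} part={i}/{len(chunks)} uri={chunk}"
                for i, chunk in enumerate(chunks, 1)]
    return records


def reassemble(records: list[str]) -> dict[str, str]:
    """Rebuild each request's URI from its records. A missing part or a digest
    mismatch raises instead of yielding a silently incomplete value."""
    headers: dict[str, dict[str, str]] = {}
    parts: dict[str, dict[int, str]] = {}
    for rec in records:
        if " uri=" in rec:
            head, chunk = rec.split(" uri=", 1)   # URIs carry no raw spaces
            fields = dict(kv.split("=", 1) for kv in head.split(" "))
            idx = int(fields["part"].split("/")[0])
            parts.setdefault(fields["req"], {})[idx] = chunk
        else:
            fields = dict(kv.split("=", 1) for kv in rec.split(" "))
            headers[fields["req"]] = fields
    result = {}
    for rid, hdr in headers.items():
        expected_parts = int(hdr["parts"])
        got = parts.get(rid, {})
        if sorted(got) != list(range(1, expected_parts + 1)):
            raise ValueError(f"{rid}: missing continuation records")
        uri = "".join(got[i] for i in range(1, expected_parts + 1))
        if len(uri) != int(hdr["len"]) or hashlib.sha256(uri.encode()).hexdigest() != hdr["sha256"]:
            raise ValueError(f"{rid}: reassembled URI does not match header digest")
        result[rid] = uri
    return result


def traversal_seen(lines) -> bool:
    """Constructed detection rule: any '../' in a logged URI."""
    return any("../" in line for line in lines)


def compare() -> tuple[bool, bool]:
    """(traversal visible in the truncated log, visible in the complete log)."""
    weak = [log_truncated("GET", LONG_URI)]
    good = reassemble(log_complete("GET", LONG_URI, "r1")).values()
    return traversal_seen(weak), traversal_seen(good)


def missing_part_detected() -> bool:
    """Drop one continuation record and confirm reassembly refuses the gap."""
    records = log_complete("GET", LONG_URI, "r1")
    try:
        reassemble(records[:-1])
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("truncated log shows traversal:", compare()[0])   # False: blind spot
    print("complete log shows traversal:", compare()[1])    # True
    print("dropped record is detected:", missing_part_detected())  # True
```

The detection rule is deliberately simple; the point is that the same rule gives a false negative on the truncated log because the evidence was never written, and that the header digest turns a later loss of a continuation record into an explicit error rather than another silent gap.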
Applicable Platforms
Languages:
  • Not Language-Specific (Prevalence: Undetermined)

Modes of Introduction
  • Architecture and Design
  • Implementation
  • Operation

Taxonomy Mapping
  • PLOVER