Obscured Security-relevant Information by Alternate Name
This vulnerability occurs when a system logs or reports security-critical events using a nickname or alias for a component, instead of its official, unique identifier.
When security tools, logs, or alerts reference system components by alternate names (like local hostnames, IP addresses, or aliases), it creates a fragmented and confusing audit trail. Developers and security teams struggle to correlate events across different systems, as the same entity appears under multiple identities. This obscurity can hide attack patterns, delay incident response, and complicate forensic investigations. To prevent this, ensure all security logging uses a single, canonical identifier for each entity—such as a globally unique host ID, a service principal name, or a consistent FQDN. Implement centralized logging that normalizes these identifiers before storage, and design systems to resolve and log the authoritative name, not just the local alias used in a specific request or connection.
Impact: Hide ActivitiesGain Privileges or Assume Identity
ID : DX-175
This code prints the contents of a file if a user has permission.Code Example:
php//resolve file if its a symbolic link* if(is_link($filename)){ ``` $realFile = readlink($filename); } if(fileowner($realFile) == $user){ echo file_get_contents($realFile); return; } else{ echo 'Access denied'; writeLog($user . ' attempted to access the file '. $filename . ' on '. date('r')); } }
- PLOVER