DEPRECATED: Information Exposure Through Server Log Files
This entry has been deprecated. Its scope was too narrow, focusing on a specific symptom rather than the root cause. Please refer to CWE-532: Insertion of Sensitive Information into Log File for the current, more comprehensive guidance.
CWE-533 was retired because it described a single, common consequence—data leaks in server logs—without addressing the core vulnerability: the insecure practice of writing sensitive data to logs in the first place. The updated category, CWE-532, provides a broader and more useful framework for developers, covering all instances where secrets like passwords, tokens, or personal data are inadvertently recorded, regardless of the eventual exposure path. For secure development, focus on preventing sensitive information from entering log streams. Implement structured logging, use placeholders for dynamic data, and configure loggers to filter or hash critical values. Always audit your logging code and treat application logs with the same security level as your primary data stores to mitigate this risk effectively.