DEPRECATED: Information Exposure Through Debug Log Files

Deprecated Variant
Structure: Simple
Description

This deprecated entry describes a vulnerability where sensitive application data is unintentionally written to debug log files, potentially exposing it to unauthorized users. It has been consolidated into the broader CWE-532: Information Exposure Through Log Files.

Extended Description

This weakness occurs when developers include sensitive information—like passwords, session tokens, API keys, or personal user data—in debug or trace log statements. While useful during development, these logs are often left active in production environments or archived insecurely, creating a persistent data leak. Attackers who gain access to these files, either locally on the server or through misconfigured permissions, can harvest this data to compromise user accounts or the system itself.

To prevent this, developers should audit all logging statements to ensure no secrets or personal data are written. Use log severity levels appropriately, ensuring debug-level logging is disabled in production. For necessary diagnostic data, implement scrubbing routines that automatically redact sensitive fields before anything is written to disk, and always enforce strict access controls on log file directories.
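One way to apply the scrubbing and severity-level advice above, as an added example that is not part of the original entry: a Python `logging` filter that redacts the values of sensitive keys before the handler writes them, with debug output disabled in production. The key list, the `build_logger` helper, the logger name and the sample log lines are constructed assumptions.

```python
import io
import logging
import re

# Assumed sensitive field names; extend for your application.
SENSITIVE = r"password|passwd|token|api_key|secret"
_PATTERN = re.compile(
    r"(?i)([\w.-]*(?:" + SENSITIVE + r")[\w.-]*)"   # key, e.g. session_token
    r"(\s*[=:]\s*)"                                  # separator
    r"(\"[^\"]*\"|'[^']*'|[^\s,;&]+)"                # quoted or bare value
)

def scrub(text):
    """Redact the value of every key=value / key: value pair with a sensitive key."""
    return _PATTERN.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", text)

class RedactingFilter(logging.Filter):
    """Scrub the fully formatted message so values passed via args are covered."""
    def filter(self, record):
        record.msg = scrub(record.getMessage())
        record.args = None  # message is already formatted
        return True

def build_logger(name, stream, production=True):
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    # Debug-level records are discarded in production.
    logger.setLevel(logging.INFO if production else logging.DEBUG)
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    return logger

def demo():
    """Run constructed sample log calls and return what reached the sink."""
    sink = io.StringIO()
    log = build_logger("demo_app", sink, production=True)
    log.debug("login attempt user=alice password=hunter2")    # dropped: DEBUG off
    log.info("login ok user=%s token=%s", "alice", "abc123")  # value arrives via args
    log.warning('upstream call failed api_key: "k-9f2" status=401')
    return sink.getvalue()

if __name__ == "__main__":
    print(demo())
```

Pattern-based scrubbing only catches secrets that appear next to a recognizable key name, so it complements the audit of logging statements rather than replacing it.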