CWE-532 Base Incomplet Medium likelihood

Insertion of Sensitive Information into Log File

This vulnerability occurs when an application unintentionally writes confidential data, such as passwords or API keys, into its log files.

Définition

What is CWE-532?

This vulnerability occurs when an application unintentionally writes confidential data, such as passwords or API keys, into its log files.
Developers often add logging statements for debugging, but these can accidentally capture sensitive user data or system secrets. When these logs are stored insecurely or with broad permissions, attackers can read them to steal credentials, impersonate users, or gain unauthorized access to internal systems. This is a common oversight that turns a routine troubleshooting tool into a significant security liability. Preventing this requires careful code reviews to sanitize log output and configuring loggers to exclude sensitive fields. While SAST tools can catch the pattern, Plexicus uses AI to suggest the actual code fix—like replacing a sensitive value with a hash or redacting it entirely—saving hours of manual work. Managing this at scale across numerous applications is difficult; an ASPM like Plexicus can help you track and remediate these flaws across your entire software stack.
Vulnerability Diagram CWE-532
Insertion of Sensitive Information into Log Login handler log.info("body: " + body) app.log 11:00 INFO POST /login body: {user:"a", pw:"hunter2"} cookie: session=abc123 card: 4111-1111-1111-1111 11:01 INFO ... Anyone w/ logs SIEM, support, CI Secrets and PII written to logs end up in many systems and people.
Impact réel

Real-world CVEs caused by CWE-532

  • CVE-2017-9615

    verbose logging stores admin credentials in a world-readable log file

  • CVE-2018-1999036

    SSH password for private key stored in build log

Comment les attaquants l'exploitent

Parcours de l'attaquant étape par étape

  1. 1

    In the following code snippet, a user's full name and credit card number are written to a log file.

  2. 2

    This code stores location information about the current user:

  3. 3

    When the application encounters an exception it will write the user object to the log. Because the user object contains location information, the user's location is also written to the log.

  4. 4

    In the example below, the method getUserBankAccount retrieves a bank account object from a database using the supplied username and account number to query the database. If an SQLException is raised when querying the database, an error message is created and output to a log file.

  5. 5

    The error message that is created includes information about the database query that may contain sensitive information about the database or query logic. In this case, the error message will expose the table name and column names used in the database. This data could be used to simplify other attacks, such as SQL injection (CWE-89) to directly access the database.

Exemple de code vulnérable

Vulnerable Java

In the following code snippet, a user's full name and credit card number are written to a log file.

Vulnérable Java 
logger.info("Username: " + usernme + ", CCN: " + ccn);
Exemple de code sécurisé

Secure pseudo

Sécurisé pseudo 
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention

How to prevent CWE-532

  • Architecture and Design / Implementation Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
  • Distribution Remove debug log files before deploying the application into production.
  • Operation Protect log files against unauthorized read/write.
  • Implementation Adjust configurations appropriately when software is transitioned from a debug state to production.
Signaux de détection

How to detect CWE-532

Automated Static Analysis High

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Correction automatique Plexicus

Plexicus détecte automatiquement CWE-532 et ouvre une PR de correction en moins de 60 secondes.

Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.

Obtenir une démo Essayer Plexicus gratuitement
Questions fréquentes

Frequently asked questions

Qu'est-ce que CWE-532 ?

This vulnerability occurs when an application unintentionally writes confidential data, such as passwords or API keys, into its log files.

Quelle est la gravité de CWE-532 ?

MITRE évalue la probabilité d'exploitation comme Moyenne — l'exploitation est réaliste mais nécessite généralement des conditions spécifiques.

Quels langages ou plateformes sont affectés par CWE-532 ?

MITRE n'a pas spécifié les plateformes affectées pour ce CWE — il peut s'appliquer à la plupart des stacks applicatives.

Comment puis-je prévenir CWE-532 ?

Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files. Remove debug log files before deploying the application into production.

Comment Plexicus détecte et corrige CWE-532 ?

Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-532 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.

Où puis-je en savoir plus sur CWE-532 ?

MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/532.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.

Faiblesses associées

Weaknesses related to CWE-532

CWE-538 Parent

Insertion of Sensitive Information into Externally-Accessible File or Directory

This vulnerability occurs when an application unintentionally stores confidential data—like passwords, API keys, or personal user…

CWE-540 Frère

Inclusion of Sensitive Information in Source Code

This vulnerability occurs when sensitive information like passwords, API keys, or internal logic is exposed within source code that…

CWE-651 Frère

Exposure of WSDL File Containing Sensitive Information

This vulnerability occurs when a Web Service Definition Language (WSDL) file, which acts as a public blueprint for a web service, is…

Ressources

Further reading

Prêt quand vous l'êtes

Arrêtez de payer par développeur.
Commencez à fermer la boucle.

Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.

Commencer gratuitement Réserver une démo