Insertion of Sensitive Information into Log File
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-532: Insertion of Sensitive Information into Log File |
| OWASP | A09:2021 - Security Logging and Monitoring Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Passing untrusted input directly as the format argument of a printf-family function (for example `printf(user_input)` instead of `printf("%s", user_input)`) lets any `%` directives inside that input be interpreted. Directives such as `%x`, `%p` and `%s` read argument slots the caller never supplied, so the resulting output or log line can contain stack contents, pointer values and other application internals, and `%n` turns the same defect into a memory write. The same applies to logging wrappers that take a printf-style format, such as syslog(3) or an in-house `log(fmt, ...)` helper. Always pass a string literal as the format and supply variable values as arguments; compiling with `-Wformat -Wformat-security` (GCC and Clang) flags non-literal formats with no arguments.
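The following C example is added here to illustrate the weakness and its fix; it is not code from the original page. It assumes a hypothetical log helper `log_line()` that, like syslog(3), accepts a printf-style format, and it writes into a caller-supplied buffer instead of a file so the result can be inspected. The vulnerable caller hands user input to the helper as the format; the fixed caller uses a literal format and passes the input as an argument. A small `count_format_directives()` check shows what a guard at the logging sink, or a fuzzing harness, can look for. The constructed input uses only `%%`, the one directive that is defined behaviour without arguments, so the demonstration itself stays well-defined; a real attacker would send `%p`, `%s` or `%n`.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical log helper (assumption, not part of the page): the caller
 * supplies a printf-style format, exactly like syslog(3). Any caller that
 * passes attacker-controlled text as `fmt` creates the weakness above. */
static void log_line(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
}

/* VULNERABLE: user input becomes the format string. Input such as
 * "%p %p %p" makes vsnprintf read argument slots that were never passed
 * and copies stack contents into the log line; "%n" writes to memory. */
void log_login_vulnerable(char *out, size_t out_len, const char *username)
{
    log_line(out, out_len, username);
}

/* FIXED: user input is only ever an argument to a literal format, so any
 * '%' it contains is stored verbatim and never interpreted. */
void log_login_fixed(char *out, size_t out_len, const char *username)
{
    log_line(out, out_len, "login attempt user=%s", username);
}

/* Guard / detection aid: count '%' characters that are not the "%%"
 * escape. A non-zero result means the string, if used as a format, would
 * consume arguments the caller did not pass. A trailing lone '%' counts. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }   /* "%%" is the literal escape */
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed input for the demo. */
    const char *input = "alice%%";
    char vuln[128], fixed[128];

    log_login_vulnerable(vuln, sizeof vuln, input);
    log_login_fixed(fixed, sizeof fixed, input);

    printf("directives in %-16s: %d\n", "\"alice%%\"", count_format_directives(input));
    printf("directives in %-16s: %d\n", "\"%p %p %n\"", count_format_directives("%p %p %n"));
    printf("vulnerable log line : %s\n", vuln);   /* alice%  (input was interpreted) */
    printf("fixed log line      : %s\n", fixed);  /* login attempt user=alice%%  (stored verbatim) */
    return 0;
}
```

The difference in the two log lines is the whole bug: in the vulnerable path the input changed what was written, which with real directives means memory contents reach the log. A code review or a SAST rule should treat any call where the format argument is not a string literal as suspect and trace where that value comes from.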
Impact
If exploited, the log file or displayed output contains data the application never intended to emit: pointer values, stack contents and strings reachable from memory, which can include credentials, tokens and other secrets. An attacker who can read the log, or who sees the output directly, learns memory layout and application internals that make other vulnerabilities easier to exploit. Where a `%n` directive reaches the format, the same defect becomes a memory write rather than a disclosure.