Insertion of Sensitive Information into Log File
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-532: Insertion of Sensitive Information into Log File |
| OWASP | A09:2021 - Security Logging and Monitoring Failures |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Sensitive parameters like passwords, secrets, or tokens are not marked with the @secure() decorator in your Bicep files. This means their values could be exposed in logs or visible in management tools.
Impact
If sensitive values are not properly secured, they may be accidentally logged or displayed in Azure Portal, CLI, or PowerShell outputs. This can lead to credential leaks, allowing attackers to access protected resources or compromise your cloud environment.
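
The following Bicep file is an added example, not taken from the rule's own documentation, showing the unmarked parameter this rule flags beside the corrected declaration. The parameter names, the SQL server resource, and its API version are assumptions chosen for illustration.

```bicep
// Constructed example: all names below are hypothetical.

param location string = resourceGroup().location
param sqlAdminLogin string

// Flagged form (left commented out so the file declares the name once):
// without @secure(), the supplied value is kept with the deployment's
// inputs and can be shown by the Azure Portal, CLI, or PowerShell.
//
//   param sqlAdminPassword string

// Corrected form: @secure() marks the parameter as a secure string, so
// its value is not saved to the deployment history or written to logs.
@secure()
param sqlAdminPassword string

resource sqlServer 'Microsoft.Sql/servers@2021-11-01' = {
  name: 'sql-${uniqueString(resourceGroup().id)}'
  location: location
  properties: {
    administratorLogin: sqlAdminLogin
    administratorLoginPassword: sqlAdminPassword
  }
}

// Outputs are recorded with the deployment as well, so return only
// non-sensitive values and never echo the secure parameter back.
output sqlServerFqdn string = sqlServer.properties.fullyQualifiedDomainName
```

Give a secure parameter no literal default value, since a default committed to the template exposes the secret in source control regardless of the decorator.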