SYM_CONF_0094 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insufficient Logging
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-778: Insufficient Logging |
| OWASP | A10:2017 - Insufficient Logging & Monitoring |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
The App Service resource in Azure is not configured to enable failed request tracing. Without this setting, important information about failed requests may not be logged, making it harder to diagnose issues or investigate suspicious activity.
Impact
If failed request tracing is disabled, security incidents or operational problems could go undetected or unresolved, as there would be insufficient logs to identify what went wrong. This can hinder incident response and leave the application vulnerable to undetected attacks or misconfigurations.