SYM_C_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Insertion of Sensitive Information into Log File
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-532: Insertion of Sensitive Information into Log File |
| OWASP | A09:2021 - Security Logging and Monitoring Failures |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
Passing an untrusted string directly as the format argument of printf-style functions (e.g., `printf(input)` instead of `printf("%s", input)`) lets any `%` sequences in that string be interpreted as conversion specifiers, which can accidentally reveal sensitive information (such as stack contents) in the output or log, or cause unexpected output. Always use a fixed format string with proper format specifiers and pass variable values as arguments.
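The two patterns side by side, as an added example that is not part of the wiki entry: the defective non-literal format call, the hardened `"%s"` version, and a small check a log pipeline can run on values before they are written out. The function names and the sample input are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern this entry describes: the untrusted string *is* the format.
 * Every '%' in msg becomes a conversion specifier, so the call pulls whatever is
 * in the variadic argument slots (stack/registers) into the log. Shown only for
 * contrast; never call it with untrusted data. */
static void log_line_unsafe(FILE *out, const char *msg)
{
    fprintf(out, msg);  /* defect: non-literal format string */
}

/* Hardened pattern: fixed format, untrusted value passed as the %s argument.
 * Writes "[app] <msg>" into dst and returns the number of characters produced
 * (excluding the terminator), or -1 if it did not fit. */
static int format_log_line(char *dst, size_t cap, const char *msg)
{
    int n = snprintf(dst, cap, "[app] %s", msg);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return n;
}

/* Detection check for log pipelines: does a value that is about to be logged
 * contain something that would act as a conversion specifier if it ever reached
 * a printf-style function as the format? Any '%' that is not "%%" qualifies;
 * "%n" is the one specifier that writes memory rather than reading it. */
static bool has_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent sign */
        return true;
    }
    return false;
}

int main(void)
{
    char line[128];
    const char *untrusted = "100% done %s %x %n";   /* constructed sample input */

    if (has_format_directive(untrusted))
        fprintf(stderr, "warning: log value contains format directives\n");
    if (format_log_line(line, sizeof line, untrusted) > 0)
        puts(line);        /* prints the text verbatim: [app] 100% done %s %x %n */
    (void)log_line_unsafe; /* referenced but intentionally never called */
    return 0;
}
```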
Impact
If exploited, this issue can lead to sensitive data being logged or displayed, potentially exposing secrets or application internals such as memory contents. Attackers could use this to gather information about your system, making it easier to exploit other vulnerabilities or compromise the application.