Information Exposure Through Debug Log

ID

php.information_exposure_through_debug_log

Severity

low

Resource

Information Leak

Language

Php

Tags

CWE:532, NIST.SP.800-53, OWASP:2021:A4

Description

Sensitive information leakage through debug log.

Rationale

Logging is an essential part of application maintenance, aiding in troubleshooting and performance monitoring. However, if not properly managed, logs can become a significant vulnerability, especially when they contain sensitive data such as authentication credentials, personal user information, or internal state.

The CWE-532 category highlights the risk of exposing sensitive information through logging, which could be easily exploited if log files are accessed by unauthorized users.

Consider the following example where sensitive data is logged:

<?php
// Simulate a user login process
$username = $_POST['username'];
$password = $_POST['password'];

// Improper logging of sensitive information
error_log("Debug info: User login with username = $username and password = $password");
?>

Remediation

To remediate issues related to information exposure through logs, follow these practical steps:

  1. Avoid Logging Sensitive Data: Refrain from logging sensitive information such as passwords, credit card details, and personally identifiable information unless it’s absolutely necessary. Use sanitization and redaction techniques if logging such information is unavoidable.

  2. Use Appropriate Logging Levels: Set logging levels appropriately. Use DEBUG or TRACE logging selectively, preferably during development and disable or restrict them in production environments.

  3. Implement Log Access Controls: Ensure that logs are stored securely and that access is restricted to authorized personnel only. Utilize encryption for log files if possible, and employ robust audit controls to monitor access.

  4. Regularly Audit Logs: Conduct regular audits of logs to identify and redact any instances of sensitive data that were improperly logged. This helps maintain the integrity of your logging strategy.

By following these steps, organizations can minimize the risks associated with information exposure through debug logs in your applications.

Configuration

To remediate issues related to information exposure through logs, follow these practical steps:

  1. Avoid Logging Sensitive Data: Refrain from logging sensitive information such as passwords, credit card details, and personally identifiable information unless it’s absolutely necessary. Use sanitization and redaction techniques if logging such information is unavoidable.

  2. Use Appropriate Logging Levels: Set logging levels appropriately. Use DEBUG or TRACE logging selectively, preferably during development and disable or restrict them in production environments.

  3. Implement Log Access Controls: Ensure that logs are stored securely and that access is restricted to authorized personnel only. Utilize encryption for log files if possible, and employ robust audit controls to monitor access.

  4. Regularly Audit Logs: Conduct regular audits of logs to identify and redact any instances of sensitive data that were improperly logged. This helps maintain the integrity of your logging strategy.

By following these steps, organizations can minimize the risks associated with information exposure through debug logs in your applications.

References

  • CWE-532 : Insertion of Sensitive Information into Log File.

  • FIO13-J : Do not log Sensitive Information outside a trust boundary

  • OWASP Top 10 2021 - A03 : Injection.