CWE-221: Information Loss or Omission

Description

The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Extended Description

This can be resultant, e.g. a buffer overflow might trigger a crash before the product can log the event.

Example Vulnerable Codes

Example - 1

This code logs suspicious multiple login attempts.

return True;

writeLog("Failed login attempt by User: " . $userName . " at " + date('r') );incrementLoginAttempts($userName);if(recentLoginAttempts($userName) > 5){}if(authenticate($userName,$password)){}else{}function login($userName,$password){}

This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Dec. 05, 2024 4:57