Logging of Excessive Data
The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack.
Description
While logging is a good practice in general, and very high levels of logging are appropriate for debugging stages of development, too much logging in a production environment might hinder a system administrator's ability to detect anomalous conditions. This can provide cover for an attacker while attempting to penetrate a system, clutter the audit trail for forensic analysis, or make it more difficult to debug problems in a production environment.
See Also
Weaknesses in this category are related to resource lifecycle management.
Weaknesses in this category are related to audit-based components of a software system. Frequently these deal with logging user activities in order to identify undesir...
Weaknesses in this category are related to the design and architecture of audit-based components of the system. Frequently these deal with logging user activities in o...
This view (slice) covers all the elements in CWE.
This view (slice) covers weaknesses that are addressed by following requirements in the ISA/IEC 62443 series of standards for industrial automation and control systems...
This view (slice) displays only weakness base elements.
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.