CWE-532
AllowedInsertion of Sensitive Information into Log File
Abstraction: Base · Status: Incomplete
The product writes sensitive information to a log file.
1739 vulnerabilities reference this CWE, most recent first.
GHSA-86HP-CJ9J-33VV
Vulnerability from github – Published: 2021-04-07 20:33 – Updated: 2024-09-09 21:23A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0a1"
},
{
"fixed": "2.7.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0a1"
},
{
"fixed": "2.8.12"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ansible"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0a1"
},
{
"fixed": "2.9.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1753"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-05T17:15:45Z",
"nvd_published_at": "2020-03-16T15:15:00Z",
"severity": "MODERATE"
},
"details": "A security flaw was found in Ansible Engine, all Ansible 2.7.x versions prior to 2.7.17, all Ansible 2.8.x versions prior to 2.8.11 and all Ansible 2.9.x versions prior to 2.9.7, when managing kubernetes using the k8s module. Sensitive parameters such as passwords and tokens are passed to kubectl from the command line, not using an environment variable or an input configuration file. This will disclose passwords and tokens from process list and no_log directive from debug module would not have any effect making these secrets being disclosed on stdout and log files.",
"id": "GHSA-86hp-cj9j-33vv",
"modified": "2024-09-09T21:23:00Z",
"published": "2021-04-07T20:33:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1753"
},
{
"type": "WEB",
"url": "https://github.com/ansible-collections/kubernetes/pull/51"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/pull/68195"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/04ba05e003b268b83df6c106ba5c0f08548b1380"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/137caed836ef096945086cfe75dc11587b68db3a"
},
{
"type": "WEB",
"url": "https://github.com/ansible/ansible/commit/273d8538dbe5a7b5c9954f1929d3bb00904c43f6"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1753"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-86hp-cj9j-33vv"
},
{
"type": "PACKAGE",
"url": "https://github.com/ansible-collections/kubernetes"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2020-210.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202006-11"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4950"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Insertion of Sensitive Information into Log File, Invocation of Process Using Visible Sensitive Information, and \tExposure of Sensitive Information to an Unauthorized Actor in Ansible"
}
GHSA-86M6-8M8R-F858
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2025-07-23 15:31A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.
{
"affected": [],
"aliases": [
"CVE-2022-20630"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-10T18:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials.",
"id": "GHSA-86m6-8m8r-f858",
"modified": "2025-07-23T15:31:07Z",
"published": "2022-02-11T00:00:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20630"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-info-disc-8QEynKEj"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-87GP-WMHR-WGCW
Vulnerability from github – Published: 2026-06-23 21:30 – Updated: 2026-06-26 00:32Module: plugins/modules/nexmo.py
CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Issue: api_key and api_secret are declared no_log=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all no_log protection.
Vulnerable Code (lines 82-93):
msg = { "api_key": module.params.get("api_key"), "api_secret": module.params.get("api_secret"), "from": module.params.get("src"), "text": module.params.get("msg"), } url = f"{NEXMO_API}?{urlencode(msg)}" response, info = fetch_url(module, url, headers=headers)
Observed Output:
https://rest.nexmo.com/sms/json?api_key=a1b2c3d4&api_secret=MyS3cr3tK3y!!&from=AnsibleBot&to=15551234567&text=Hello
Exposure Vectors:
Ansible verbose output (-vvv) logs the full request URL
Vonage/Nexmo server access logs record credentials in query string
HTTP proxies, SIEM, and network inspection tools capture the full URL
AWX/Automation Controller network debug logs
Fix: Switch to POST with credentials in the request body:
data = urlencode({"api_key": api_key, "api_secret": api_secret, "from": src, "to": number, "text": msg}) fetch_url(module, NEXMO_API, data=data, method="POST", headers={"Content-Type": "application/x-www-form-urlencoded"})
{
"affected": [],
"aliases": [
"CVE-2026-11820"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-23T21:16:54Z",
"severity": "MODERATE"
},
"details": "Module: plugins/modules/nexmo.py\n\nCVSS 3.1: 6.5 MEDIUM \u2014 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N \n\nIssue: api_key and api_secret are declared no_log=True at the input level, but both credentials are immediately URL-encoded into a GET request as query parameters, bypassing all no_log protection. \n\nVulnerable Code (lines 82-93):\n\nmsg = {\n\"api_key\": module.params.get(\"api_key\"),\n\"api_secret\": module.params.get(\"api_secret\"),\n\"from\": module.params.get(\"src\"),\n\"text\": module.params.get(\"msg\"),\n}\nurl = f\"{NEXMO_API}?{urlencode(msg)}\"\nresponse, info = fetch_url(module, url, headers=headers)\n\nObserved Output:\n\nhttps://rest.nexmo.com/sms/json?api_key=a1b2c3d4\u0026api_secret=MyS3cr3tK3y!!\u0026from=AnsibleBot\u0026to=15551234567\u0026text=Hello\n\nExposure Vectors: \n\nAnsible verbose output (-vvv) logs the full request URL \n\nVonage/Nexmo server access logs record credentials in query string \n\nHTTP proxies, SIEM, and network inspection tools capture the full URL \n\nAWX/Automation Controller network debug logs\n\nFix: Switch to POST with credentials in the request body:\n\ndata = urlencode({\"api_key\": api_key, \"api_secret\": api_secret,\n\"from\": src, \"to\": number, \"text\": msg})\nfetch_url(module, NEXMO_API, data=data, method=\"POST\",\nheaders={\"Content-Type\": \"application/x-www-form-urlencoded\"})",
"id": "GHSA-87gp-wmhr-wgcw",
"modified": "2026-06-26T00:32:03Z",
"published": "2026-06-23T21:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11820"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-11820"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488970"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-884H-9VV2-G8XV
Vulnerability from github – Published: 2022-05-24 19:05 – Updated: 2022-05-24 19:05In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896
{
"affected": [],
"aliases": [
"CVE-2021-0549"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-22T12:15:00Z",
"severity": "MODERATE"
},
"details": "In sspRequestCallback of BondStateMachine.java, there is a possible leak of Bluetooth MAC addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183961896",
"id": "GHSA-884h-9vv2-g8xv",
"modified": "2022-05-24T19:05:53Z",
"published": "2022-05-24T19:05:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0549"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-06-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-889X-P867-8W2P
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2022-05-24 19:20An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
{
"affected": [],
"aliases": [
"CVE-2021-3791"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-12T22:15:00Z",
"severity": "MODERATE"
},
"details": "An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.",
"id": "GHSA-889x-p867-8w2p",
"modified": "2022-05-24T19:20:28Z",
"published": "2022-05-24T19:20:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3791"
},
{
"type": "WEB",
"url": "https://binatoneglobal.com/security-advisory"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-88C9-3488-GX4H
Vulnerability from github – Published: 2023-10-25 21:30 – Updated: 2023-11-02 18:30A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.
{
"affected": [],
"aliases": [
"CVE-2023-42857"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-25T19:15:10Z",
"severity": "LOW"
},
"details": "A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.",
"id": "GHSA-88c9-3488-gx4h",
"modified": "2023-11-02T18:30:24Z",
"published": "2023-10-25T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42857"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213984"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213982"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213984"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/19"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2023/Oct/24"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-88PP-WQR9-8F77
Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.
{
"affected": [],
"aliases": [
"CVE-2021-3039"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-10T13:15:00Z",
"severity": "MODERATE"
},
"details": "An information exposure through log file vulnerability exists in the Palo Alto Networks Prisma Cloud Compute Console where a secret used to authorize the role of the authenticated user is logged to a debug log file. Authenticated Operator role and Auditor role users with access to the debug log files can use this secret to gain Administrator role access for their active session in Prisma Cloud Compute. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. This issue impacts all Prisma Cloud Compute versions earlier than Prisma Cloud Compute 21.04.412.",
"id": "GHSA-88pp-wqr9-8f77",
"modified": "2022-05-24T19:04:54Z",
"published": "2022-05-24T19:04:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3039"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2021-3039"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-89PW-4635-WC84
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.
{
"affected": [],
"aliases": [
"CVE-2018-1198"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-17T16:29:00Z",
"severity": "HIGH"
},
"details": "Pivotal Cloud Cache, versions prior to 1.3.1, prints a superuser password in plain text during BOSH deployment logs. A malicious user with access to the logs could escalate their privileges using this password.",
"id": "GHSA-89pw-4635-wc84",
"modified": "2022-05-14T01:57:27Z",
"published": "2022-05-14T01:57:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1198"
},
{
"type": "WEB",
"url": "https://pivotal.io/security/cve-2018-1198"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-89VG-R6G6-J7G4
Vulnerability from github – Published: 2022-05-13 00:01 – Updated: 2022-05-24 00:01In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible
{
"affected": [],
"aliases": [
"CVE-2022-29928"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-12T09:15:00Z",
"severity": "MODERATE"
},
"details": "In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible",
"id": "GHSA-89vg-r6g6-j7g4",
"modified": "2022-05-24T00:01:45Z",
"published": "2022-05-13T00:01:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29928"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-8CFG-VX93-JVXW
Vulnerability from github – Published: 2023-02-06 23:27 – Updated: 2024-05-20 19:48In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, < v1.20.0-alpha2.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/client-go"
},
"ranges": [
{
"events": [
{
"introduced": "0.19.0"
},
{
"fixed": "0.19.6"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/client-go"
},
"ranges": [
{
"events": [
{
"introduced": "0.20.0-alpha.0"
},
{
"fixed": "0.20.0-alpha.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/client-go"
},
"ranges": [
{
"events": [
{
"introduced": "0.18.0"
},
{
"fixed": "0.18.14"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/client-go"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.17.16"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "k8s.io/kubernetes"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.20.0-alpha.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-8565"
],
"database_specific": {
"cwe_ids": [
"CWE-532"
],
"github_reviewed": true,
"github_reviewed_at": "2023-02-06T23:27:56Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects \u003c= v1.19.5, \u003c= v1.18.13, \u003c= v1.17.15, \u003c v1.20.0-alpha2.",
"id": "GHSA-8cfg-vx93-jvxw",
"modified": "2024-05-20T19:48:09Z",
"published": "2023-02-06T23:27:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8565"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/pull/95316"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373"
},
{
"type": "WEB",
"url": "https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419"
},
{
"type": "PACKAGE",
"url": "https://github.com/kubernetes/client-go"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2021-0064"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Kubernetes client-go vulnerable to Sensitive Information Leak via Log File"
}
Mitigation
Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files.
Mitigation
Remove debug log files before deploying the application into production.
Mitigation
Protect log files against unauthorized read/write.
Mitigation
Adjust configurations appropriately when software is transitioned from a debug state to production.
CAPEC-215: Fuzzing for application mapping
An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash.