hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update javascript/ql/src/Security/CWE-312/CleartextLogging.qhelp

Browse Source 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
This commit is contained in:
Kristen Newbury
2023-02-02 11:12:44 -05:00
committed by GitHub
parent dc5eb40d5f
commit 231110ddca
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/Security/CWE-312/CleartextLogging.qhelp
View File

@@ -5,7 +5,8 @@
<overview>
<p>If sensitive data is written to a log entry it is exposed. Sensitive data should not be exposed.</p>
<p>If sensitive data is written to a log entry it could be exposed to an attacker
who gains access to the logs.</p>
<p>Potential attackers can obtain sensitive user data when the log output is displayed. Additionally that data may
expose system information such as full path names, system information, and sometimes usernames and passwords.</p>