Sensitive information stored in logs - PHP

Need

Secure handling of sensitive information in logs

Context

  • Usage of PHP 7.0 for server-side scripting and web development
  • Usage of Illuminate\Http\Request for handling HTTP requests in Laravel
  • Usage of Illuminate\Support\Facades\Log for logging in Laravel
  • Usage of App\Http\Controllers\Controller for defining controller logic in a web application framework

Description

Non compliant code

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class UserController extends Controller
{
    public function login(Request $request)
    {
        $email = $request->input('email');
        $password = $request->input('password');

        // Logging sensitive information: the plaintext password is written to the log file
        Log::info('User login attempt: ' . $email . ' Password: ' . $password);

        // Authentication logic goes here...
    }
}


In the above code, the login method in the UserController is logging sensitive information.

When a user attempts to log in, their email and password are retrieved from the request and logged as an info message. This is a security vulnerability because the logs might be accessible by unauthorized users, which would expose sensitive user information.

Moreover, even if the logs are only accessible by authorized users, it is still a bad practice to store sensitive information in logs because it can be inadvertently exposed through log file backups, log files shared for debugging purposes, or a data breach.

The sensitive information in this case is the user's email and password, which are critical to the user's account security. If an attacker gains access to this information, they could impersonate the user and gain access to their account and any associated resources or data.

This vulnerability falls under the category of 'Information Exposure' according to the OWASP Top 10.

Steps

  • Remove the logging of sensitive information such as email and password.
  • If logging is necessary, only log non-sensitive information.
  • Consider using a secure way to log errors or events, such as a logging service that encrypts the data.
  • Implement a log masking strategy for sensitive data if it is absolutely necessary to log such information.
  • Regularly audit your logs to ensure no sensitive information is being stored.

Compliant code

<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;

class UserController extends Controller
{
    public function login(Request $request)
    {
        $email = $request->input('email');
        $password = $request->input('password');

        // Removed logging of sensitive information
        // Log::info('User login attempt: ' . $email . ' Password: ' . $password);

        // Logging non-sensitive information only: the password never reaches the log
        Log::info('User login attempt: ' . $email);

        // Authentication logic goes here...
    }
}


The original code was logging sensitive information such as the user's email and password. This is a security vulnerability as it exposes sensitive user information in the logs, which could be accessed by unauthorized individuals.

The fixed code removes the logging of the user's password. Now, only the user's email is logged when a login attempt is made. This reduces the risk of sensitive information being exposed.

However, it's important to note that even non-sensitive information can be valuable to an attacker. Therefore, it's recommended to implement a secure logging strategy. This could involve using a logging service that encrypts the data, or implementing log masking for sensitive data.

Regular audits of your logs should also be conducted to ensure no sensitive information is being stored. This will help to maintain the security and privacy of your users' information.
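As an added example, not code from the original page or from Laravel itself, the following standalone PHP script shows one way to implement the log masking strategy listed in the Steps and recommended again in the closing paragraphs: a context redactor that drops passwords and tokens, masks the email address, and derives a keyed, non-reversible correlation id so that login attempts for the same account can still be traced across log lines without storing the address itself. The SENSITIVE_KEYS list, the LOG_PEPPER value and the emitLog() sink are assumptions made for this example; in a Laravel controller the redacted array would be passed as the context argument of Log::info() instead.

```php
<?php
// Added example, not part of the original page: redact a log context before it is
// handed to the logger. The key list, the pepper and emitLog() are assumptions.
declare(strict_types=1);

// Keys whose values must never reach a log line, compared case-insensitively.
const SENSITIVE_KEYS = ['password', 'password_confirmation', 'token', 'secret', 'authorization', 'cookie'];

// Server-side secret used only for correlation ids. Constructed value for this
// example; a real deployment loads it from configuration and never hard-codes it.
const LOG_PEPPER = 'example-pepper-change-me';

// Keeps the first character of the local part and the domain, hides the rest.
function maskEmail(string $email): string
{
    $at = strrpos($email, '@');
    if ($at === false || $at === 0) {
        return '[redacted]';
    }
    $local = substr($email, 0, $at);
    $domain = substr($email, $at + 1);
    return $local[0] . str_repeat('*', max(strlen($local) - 1, 1)) . '@' . $domain;
}

// Stable, non-reversible id for the same account across log lines (12 hex chars).
function correlationId(string $email): string
{
    return substr(hash_hmac('sha256', strtolower(trim($email)), LOG_PEPPER), 0, 12);
}

// Walks the context recursively: drops secrets, masks emails, leaves everything else.
function redactContext(array $context): array
{
    $clean = [];
    foreach ($context as $key => $value) {
        $name = strtolower((string) $key);
        if (in_array($name, SENSITIVE_KEYS, true)) {
            $clean[$key] = '[REDACTED]';
        } elseif ($name === 'email' && is_string($value)) {
            $clean[$key] = maskEmail($value);
            $clean['user_ref'] = correlationId($value);
        } elseif (is_array($value)) {
            $clean[$key] = redactContext($value);
        } else {
            $clean[$key] = $value;
        }
    }
    return $clean;
}

// Minimal sink standing in for Log::info(); Laravel's facade takes the same
// (message, context) pair, so the redacted array can be passed to it unchanged.
function emitLog(string $message, array $context): string
{
    $line = $message . ' ' . json_encode($context, JSON_UNESCAPED_SLASHES);
    error_log($line);
    return $line;
}

// Constructed request input, as the login() method would receive it.
$input = [
    'email'    => 'alice.smith@example.com',
    'password' => 'hunter2',
    'remember' => true,
    'meta'     => ['ip' => '203.0.113.7', 'authorization' => 'Bearer abc'],
];

$line = emitLog('User login attempt', redactContext($input));

// Guard: neither the password nor the bearer token may appear in the emitted line.
if (strpos($line, 'hunter2') !== false || strpos($line, 'Bearer abc') !== false) {
    throw new RuntimeException('Sensitive value leaked into the log line');
}
```

The redactor is applied to the whole context rather than to individual fields so that nested structures (the constructed meta array above) are covered as well, which is the usual way a secret slips through: a request array dumped wholesale into a log. The correlation id is keyed with a server-side secret so an unkeyed hash of a guessable address cannot be reversed by brute force; the masked email is kept only for readability by support staff and can be dropped if the id alone suffices.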
