CWE-778 (Insufficient Logging) — Vulnerability Class 21

21 vulnerabilities classified as CWE-778 (Insufficient Logging). AI Chinese analysis included.

CWE-778 represents a critical logging weakness where security-critical events are either omitted or recorded with insufficient detail, severely impairing an organization’s ability to detect and respond to threats. Attackers typically exploit this gap by conducting stealthy malicious activities, such as brute-force login attempts or privilege escalation, without leaving a traceable audit trail. This lack of visibility hinders forensic analysis, allowing intruders to maintain persistence and evade detection for extended periods. To mitigate this risk, developers must implement comprehensive logging strategies that capture essential context for all security-relevant actions, including user authentication, authorization checks, and system configuration changes. By ensuring logs contain adequate timestamps, source IPs, and user identifiers, organizations can enhance their monitoring capabilities and facilitate rapid incident response when anomalies occur.

MITRE CWE Description
When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it. When security-critical events are not logged properly, such as a failed login attempt, this can make malicious behavior more difficult to detect and may hinder forensic analysis after an attack succeeds. As organizations adopt cloud storage resources, these technologies often require configuration changes to enable detailed logging information, since detailed logging can incur additional costs. This could lead to telemetry gaps in critical audit logs. For example, in Azure, the default value for logging is disabled.
Common Consequences (1)
Non-Repudiation: Hide Activities
If security critical information is not recorded, there will be no trail for forensic analysis and discovering the cause of problems or the source of attacks may become more difficult or impossible.
Mitigations (4)
Architecture and Design: Use a centralized logging mechanism that supports multiple levels of detail.
Implementation: Ensure that all security-related successes and failures can be logged. When storing data in the cloud (e.g., AWS S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to enable and capture detailed logging information.
Operation: Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems, including unexpected costs when using a cloud environment.
Operation: To enable storage logging using Azure's Portal, navigate to the name of the Storage Account, locate Monitoring (CLASSIC) section, and select Diagnostic settings (classic). For each of the various properties (blob, file, table, queue), ensure the status is properly set for the desired logging data. If using PowerShell, the Set-AzStorageServiceLoggingProperty command could be called using appropriat…
Examples (2)
The example below shows a configuration for the service security audit feature in the Windows Communication Foundation (WCF).
Bad · XML

    <system.serviceModel>
      <behaviors>
        <serviceBehaviors>
          <behavior name="NewBehavior">
            <serviceSecurityAudit auditLogLocation="Default"
                                  suppressAuditFailure="false"
                                  serviceAuthorizationAuditLevel="None"
                                  messageAuthenticationAuditLevel="None" />
            ...
    </system.serviceModel>

Good · XML

    <system.serviceModel>
      <behaviors>
        <serviceBehaviors>
          <behavior name="NewBehavior">
            <serviceSecurityAudit auditLogLocation="Default"
                                  suppressAuditFailure="false"
                                  serviceAuthorizationAuditLevel="SuccessAndFailure"
                                  messageAuthenticationAuditLevel="SuccessAndFailure" />
            ...
    </system.serviceModel>
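A configuration check for the WCF audit setting shown above, as an added example that is not part of the original page or of MITRE's entry. The sample configs are constructed, the function name is hypothetical, and treating any level other than SuccessAndFailure as a finding is this example's policy assumption.

```python
import xml.etree.ElementTree as ET

AUDIT_ATTRS = ("serviceAuthorizationAuditLevel", "messageAuthenticationAuditLevel")

# Constructed sample inputs modelled on the two configurations above.
BAD_CONFIG = """<configuration><system.serviceModel><behaviors><serviceBehaviors>
  <behavior name="NewBehavior">
    <serviceSecurityAudit auditLogLocation="Default" suppressAuditFailure="false"
        serviceAuthorizationAuditLevel="None" messageAuthenticationAuditLevel="None" />
  </behavior>
  <behavior name="NoAuditElement" />
</serviceBehaviors></behaviors></system.serviceModel></configuration>"""

GOOD_CONFIG = BAD_CONFIG.replace('"None"', '"SuccessAndFailure"').replace(
    '<behavior name="NoAuditElement" />', "")


def audit_findings(config_xml):
    """Return (behavior name, attribute, effective value) for every audit gap."""
    findings = []
    root = ET.fromstring(config_xml)
    # Only service behaviors carry serviceSecurityAudit; skip endpoint behaviors.
    for group in root.iter("serviceBehaviors"):
        for behavior in group.findall("behavior"):
            name = behavior.get("name", "(unnamed)")
            audit = behavior.find("serviceSecurityAudit")
            for attr in AUDIT_ATTRS:
                # A missing element or attribute falls back to the WCF
                # default audit level, which is "None".
                value = "None" if audit is None else audit.get(attr, "None")
                if value != "SuccessAndFailure":
                    findings.append((name, attr, value))
    return findings


if __name__ == "__main__":
    for finding in audit_findings(BAD_CONFIG):
        print("audit gap:", finding)
```

A behavior with no serviceSecurityAudit element is reported the same way as one set to "None", because both leave authentication and authorization events unrecorded.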
In the following Java example the code attempts to authenticate the user. If the login fails a retry is made. Proper restrictions on the number of login attempts are of course part of the retry functionality. Unfortunately, the failed login is not recorded and there would be no record of an adversary attempting to brute force the program.
Bad · Java

    if (LoginUser()) {
        // Login successful
        RunProgram();
    } else {
        // Login unsuccessful
        LoginRetry();
    }

Good · Java

    if (LoginUser()) {
        // Login successful
        log.warn("Login by user successful.");
        RunProgram();
    } else {
        // Login unsuccessful
        log.warn("Login attempt by user failed, trying again.");
        LoginRetry();
    }
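What the missing failure record costs a defender, as an added example that is not part of the original page or of MITRE's entry. It goes beyond the Java snippet by writing one structured record per attempt (timestamp, user, source IP, outcome) and running a simple detector over the result; the function names, threshold, users and documentation-range IPs are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def audit_record(ts, user, src_ip, success):
    """One JSON line per attempt, with the context an investigator needs."""
    return json.dumps({"ts": ts.isoformat(), "event": "login", "user": user,
                       "src_ip": src_ip,
                       "outcome": "success" if success else "failure"})


def run_attempts(attempts, log_failures):
    """Replay attempts; log_failures=False reproduces the gap described
    above, where a failed login leaves no record."""
    log = []
    for ts, user, src_ip, success in attempts:
        if success or log_failures:
            log.append(audit_record(ts, user, src_ip, success))
    return log


def brute_force_sources(log_lines, threshold=5, window=timedelta(minutes=1)):
    """Source IPs with at least `threshold` failed logins inside one window."""
    failures = defaultdict(list)
    for line in log_lines:
        rec = json.loads(line)
        if rec["outcome"] == "failure":
            failures[rec["src_ip"]].append(datetime.fromisoformat(rec["ts"]))
    flagged = set()
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged


# Constructed sample: six failures and then a success from one address,
# plus one ordinary login from another address.
T0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
ATTEMPTS = [(T0 + timedelta(seconds=5 * i), "alice", "203.0.113.7", False)
            for i in range(6)]
ATTEMPTS += [(T0 + timedelta(seconds=30), "alice", "203.0.113.7", True),
             (T0 + timedelta(seconds=40), "bob", "198.51.100.4", True)]
```

With failures logged the detector flags 203.0.113.7; with failures dropped the same traffic shows only two successful logins and nothing to alert on.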
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32803 | Dell PowerScale OneFS Security Vulnerability — PowerScale OneFS | 3.3 | Low | 2026-05-08 |
| CVE-2026-3494 | MariaDB Server Audit Plugin Comment Handling Bypass — MariaDB Server | 4.3 | Medium | 2026-03-03 |
| CVE-2026-25598 | Bypassing Logging of Outbound Connections Using sendto, sendmsg, and sendmmsg in Harden-Runner (Community Tier) — harden-runner | 5.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-22279 | Dell PowerScale OneFS Security Vulnerability — PowerScale OneFS | 4.3 | Medium | 2026-01-22 |
| CVE-2025-66552 | Nextcloud Server admin_audit does not log all actions on files in groupfolders — security-advisories | 4.3 | Medium | 2025-12-05 |
| CVE-2025-53498 | Lack of Audit Logging in AbuseFilter — Mediawiki - AbuseFilter Extension | 5.3 (AI) | Medium (AI) | 2025-07-07 |
| CVE-2025-32967 | OpenEMR doesn't log password administration properly — openemr | 5.4 | Medium | 2025-05-23 |
| CVE-2025-2562 | Devolutions Remote Desktop Manager Security Vulnerability — Remote Desktop Manager | 8.8 (AI) | High (AI) | 2025-03-26 |
| CVE-2024-10863 | Client-side audit exclusion vulnerability — Secure Content Manager | 5.3 | - | 2024-11-22 |
| CVE-2024-48967 | Life2000 ventilator and Service PC lack sufficient audit logging capabilities — Life2000 Ventilation System | 10.0 | Critical | 2024-11-14 |
| CVE-2024-2291 | MOVEit Transfer Logging Bypass Vulnerability — MOVEit Transfer | 4.3 | Medium | 2024-03-20 |
| CVE-2024-24901 | Dell PowerScale OneFS Security Vulnerability — PowerScale OneFS | 3.0 | Low | 2024-03-04 |
| CVE-2023-1995 | Insufficient Logging Vulnerability in HiRDB — HiRDB Server | 5.3 | Medium | 2023-08-29 |
| CVE-2022-30305 | Fortinet FortiSandbox Security Vulnerability — FortiSandbox | 3.6 | Low | 2022-12-06 |
| CVE-2022-31120 | Federated share accepting/declining is not logged in audit log in Nextcloud Server — security-advisories | 2.1 | Low | 2022-08-04 |
| CVE-2022-25783 | Hacking attempts from logged-in users are not properly logged by GM — GateManager | 4.3 | Medium | 2022-05-04 |
| CVE-2021-33689 | SAP NetWeaver AS Security Vulnerability — SAP NetWeaver AS JAVA (Administrator applications) | 4.3 | - | 2021-07-14 |
| CVE-2021-32680 | Audit log is not properly logging unsetting of share expiration date — security-advisories | 3.3 | Low | 2021-07-12 |
| CVE-2019-19277 | Siemens SIPORT MP Security Vulnerability — SIPORT MP | 6.5 | - | 2020-03-10 |
| CVE-2019-19295 | Siemens SiNVR 3 Central Control Server and SiNVR 3 Video Server Security Vulnerability — Control Center Server (CCS) | 4.3 | Medium | 2020-03-10 |
| CVE-2019-7613 | Elasticsearch Winlogbeat Input Validation Error Vulnerability — Logstash | 5.3 | - | 2019-03-25 |

Vulnerabilities classified as CWE-778 (Insufficient Logging) represent 21 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.