BaseDraft

CWE-778Insufficient Logging

Category: other

Description

When a security-critical event occurs, the product either does not record the event or omits important details about the event when logging it.

Common consequences· 1

  • Non-Repudiation — Hide Activities
    If security critical information is not recorded, there will be no trail for forensic analysis and discovering the cause of problems or the source of attacks may become more difficult or impossible.

Potential mitigations· 4

  • [Architecture and Design]Use a centralized logging mechanism that supports multiple levels of detail.
  • [Implementation]Ensure that all security-related successes and failures can be logged. When storing data in the cloud (e.g., AWS S3 buckets, Azure blobs, Google Cloud Storage, etc.), use the provider's controls to enable and capture detailed logging information.
  • [Operation]Be sure to set the level of logging appropriately in a production environment. Sufficient data should be logged to enable system administrators to detect attacks, diagnose errors, and recover from attacks. At the same time, logging too much data (CWE-779) can cause the same problems, including unexpected costs when using a cloud environment.
  • [Operation]To enable storage logging using Azure's Portal, navigate to the name of the Storage Account, locate Monitoring (CLASSIC) section, and select Diagnostic settings (classic). For each of the various properties (blob, file, table, queue), ensure the status is properly set for the desired logging data. If using PowerShell, the Set-AzStorageServiceLoggingProperty command could be called using appropriate -ServiceType, -LoggingOperations, and -RetentionDays arguments.

References

  1. https://cwe.mitre.org/data/definitions/778.html

Compliance frameworks addressing this (incoming)6

TypeTargetConfidenceTier
ComplianceControlcis_v8-8100%live
ComplianceControlnist_csf-de100%live
ComplianceControlowasp_top10-a09100%live
ComplianceControlai_act-art12100%live
ComplianceControlcra-art13100%live
ComplianceControliso27001-a.8.16100%live

(incoming)2

TypeTargetConfidenceTier
VulnerabilityCVE-2025-52644cve-2025-526440%live
VulnerabilityCVE-2026-32693cve-2026-326930%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Information Loss or Omission
CWE
Omission of Security-relevant Information
CWE
Logging of Excessive Data
CWE
Insertion of Sensitive Information into Log File
CWE
Exposure of Sensitive System Information to an Unauthorized Control Sphere
CWE
Missing Authentication for Critical Function
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.