An attacker can evade detection by intentionally crafting input that violates the size constraints of a cloud's audit logging mechanism. Many systems impose a maximum size limit on individual log entries. When an action is performed with oversized data, for example through whitespace or Unicode injection, the resulting log event, which often includes the offending data, exceeds this limit, and the oversized content is then often redacted in the audit logs.
Logging Evasion via violating size constraints
CCC.AUDITLOG.TH05
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.Core.CP03 | Access Log Publication | The service automatically publishes structured, verbose records of activities performed within the scope of the service by external actors. |
| CCC.Core.CP10 | Log Publication | The service automatically publishes structured, verbose records of activities, operations, or events that occur within the service. |
External Mappings
| Framework | ID | Remarks |
|---|---|---|
| OWASPTOP10 | A09:2021 | |
| CWE | CWE-778 | Insufficient Logging |
| CWE | CWE-223 | Omission of Security-Relevant Information |
| CWE | CWE-20 | |
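
A defender-side triage for this threat, as an added example that is not part of the catalog entry: it flags audit entries whose content was omitted, that sit close to the size limit, or whose fields consist mostly of whitespace or invisible Unicode. The record schema, the `omitted` marker, the 4096-byte limit and the thresholds are all assumptions; substitute the values your provider documents.

```python
import json
import unicodedata

# Assumed values for illustration; real limits and markers are provider-specific.
MAX_ENTRY_BYTES = 4096
NEAR_LIMIT_RATIO = 0.9
MIN_PADDED_LEN = 64
PADDING_RATIO = 0.8
PADDING_CATEGORIES = {"Zs", "Zl", "Zp", "Cc", "Cf"}  # spaces, control, format

def walk(value, path=""):
    """Yield (path, node) for every node of a decoded JSON value."""
    yield path, value
    if isinstance(value, dict):
        for key, child in value.items():
            yield from walk(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from walk(child, f"{path}[{i}]")

def is_padding(text):
    """True for long strings made up mostly of whitespace/invisible characters."""
    filler = sum(unicodedata.category(c) in PADDING_CATEGORIES for c in text)
    return len(text) >= MIN_PADDED_LEN and filler / len(text) >= PADDING_RATIO

def findings(raw_line):
    """Return the reasons one serialized audit entry deserves a closer look."""
    reasons = []
    if len(raw_line.encode("utf-8")) >= NEAR_LIMIT_RATIO * MAX_ENTRY_BYTES:
        reasons.append("entry size near limit")
    for path, node in walk(json.loads(raw_line)):
        if isinstance(node, dict) and node.get("omitted") is True:
            reasons.append(f"{path}: content omitted")
        elif isinstance(node, str) and is_padding(node):
            reasons.append(f"{path}: mostly whitespace/format characters")
    return reasons

# Constructed sample entries (hypothetical schema), one JSON document per line.
SAMPLE_LOG = [
    '{"id": "evt-1", "action": "UpdatePolicy", "request": {"name": "reader"}}',
    '{"id": "evt-2", "action": "UpdatePolicy", "request": {"omitted": true}}',
    json.dumps({"id": "evt-3", "action": "UpdatePolicy",
                "request": {"name": "admin" + "\u200b" * 1300}}, ensure_ascii=False),
]

def triage(lines):
    """Map event id -> reasons for every entry with at least one finding."""
    hits = ((json.loads(line)["id"], findings(line)) for line in lines)
    return {event_id: reasons for event_id, reasons in hits if reasons}
```

An entry flagged for omitted content records that an action happened but not what it changed, so the follow-up is to compare the affected resource's current state against its last known-good state.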