|
Naziv
|
Log Injection-Tampering-Forging
|
|
Sažetak
|
This attack targets the log files of the target host. The attacker injects, manipulates or forges malicious log entries in the log file, allowing them to mislead a log audit, cover traces of attack, or perform other malicious actions. The target host is not properly controlling log access. As a result tainted data is resulting in the log files leading to a failure in accountability, non-repudiation and incident forensics capability.
|
|
Preduvjeti
|
The target host is logging the action and data of the user.|The target host insufficiently protects access to the logs or logging mechanisms.
|
|
Rješenja
|
['Carefully control access to physical log files.', 'Do not allow tainted data to be written in the log file without prior input validation. An allowlist may be used to properly validate the data.', 'Use synchronization to control the flow of execution.', 'Use static analysis tools to identify log forging vulnerabilities.', 'Avoid viewing logs with tools that may interpret control characters in the file, such as command-line shells.']
|
