...
Several instances of this anti-pattern can be found in the wild; one example is the LineControl Java client, for which a fix was provided. Prior to version 0.8.1, the client logged sensitive information such as the local user's password [CVE 2008].
Noncompliant Code Example
...
[API 2006] Class `java.util.logging.Logger`

[Sun 2006] [Java Logging Overview](http://java.sun.com/javase/6/docs/technotes/guides/logging/overview.html)

[CVE 2008] [CVE-2005-2990](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2990)

[Chess 2007] 11.1 Privacy and Regulation: Handling Private Information

[MITRE 2009] [CWE ID 532](http://cwe.mitre.org/data/definitions/532.html) "Information Leak Through Log Files", [CWE ID 533](http://cwe.mitre.org/data/definitions/533.html) "Information Leak Through Server Log Files", [CWE ID 359](http://cwe.mitre.org/data/definitions/359.html) "Privacy Violation", [CWE ID 542](http://cwe.mitre.org/data/definitions/542.html) "Information Leak Through Cleanup Log Files"
...