[NordVPN Linux] [Bug]🐛Sensitive Clear-text logging of sensitive exposures #783

odaysec · 2025-02-28T01:00:26Z

Line 48 in dbac8d8

dataRequestAPIToString(data, nil, nil, true),

Sensitive information that is logged unencrypted is accessible to an attacker who gains access to the logs.

POC

The following code logs user credentials (in this case, their password) in plain text:

package main

import (
	"log"
	"net/http"
)

func serve() {
	http.HandleFunc("/register", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()
		user := r.Form.Get("user")
		pw := r.Form.Get("password")

		log.Printf("Registering new user %s with password %s.\n", user, pw)
	})
	http.ListenAndServe(":80", nil)
}

Instead, the credentials should be encrypted, obfuscated, or omitted entirely:

package main

import (
	"log"
	"net/http"
)

func serve1() {
	http.HandleFunc("/register", func(w http.ResponseWriter, r *http.Request) {
		r.ParseForm()
		user := r.Form.Get("user")
		pw := r.Form.Get("password")

		log.Printf("Registering new user %s.\n", user)

		// ...
		use(pw)
	})
	http.ListenAndServe(":80", nil)
}

References

M. Dowd, J. McDonald and J. Schuhm, The Art of Software Security Assessment, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.
Password Plaintext Storage.
CWE-312.
CWE-315.
CWE-359.

odaysec mentioned this issue Feb 28, 2025

Fix: Clear-text logging of sensitive information #784

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[NordVPN Linux] [Bug]🐛Sensitive Clear-text logging of sensitive exposures #783

[NordVPN Linux] [Bug]🐛Sensitive Clear-text logging of sensitive exposures #783

odaysec commented Feb 28, 2025

[NordVPN Linux] [Bug]🐛Sensitive Clear-text logging of sensitive exposures #783

[NordVPN Linux] [Bug]🐛Sensitive Clear-text logging of sensitive exposures #783

Comments

odaysec commented Feb 28, 2025

POC

References