Magebean Logo Magebean
← Back to Baseline

MB-R024Sensitive data not logged

C03 Secure Coding Practices High

Logs must not contain sensitive information such as passwords, API tokens, or card data. Attackers with log access can exploit leaked data. Magento logging should use sanitization filters and redact sensitive values before writing to files or monitoring systems.

Why it Matters

Logs are often used for debugging and monitoring, but if they contain sensitive data such as passwords, API keys, credit card numbers, or personal details, they become a liability. Attackers who gain access to log files can harvest this data and use it for fraud or account takeover.

Sanitizing logs ensures only safe, useful information is recorded. By redacting or removing sensitive values before writing them, you keep logs helpful for troubleshooting without creating a new source of data leakage. This also supports compliance with privacy regulations like GDPR and PCI DSS.

Verification Steps

Manual

# Review log files for sensitive data
grep -R "password" var/log
grep -R "token" var/log
grep -R "card" var/log

# Review custom code for logging raw request/response data

Remediation / Fix Guidance

  1. Never log full passwords, tokens, or payment data.
  2. Mask sensitive values before logging (e.g., show only last 4 digits of a card number).
  3. Use Magento’s logging framework, which supports sanitization plugins.
  4. Review custom modules to confirm they filter logs correctly.
  5. Restrict log access to trusted administrators only.

Examples

Fail Example
// Unsafe logging
$this->logger->info("Login failed for user $email with password $password");
Pass Example
// Safe logging
$this->logger->info("Login failed for user $email");
// Password not included

References