logging vocab issue not severe enough #1561

Closed
jmanico opened this issue Dec 12, 2024 · 3 comments
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. HELP_WANTED Issue for which help is wanted to do the job. UPDATE_CS Issue about the update/refactoring of an existing cheat sheet.

Comments

jmanico (Member) commented Dec 12, 2024

In https://cheatsheetseries.owasp.org/cheatsheets/Logging_Vocabulary_Cheat_Sheet.html

I think that

authn_password_change_fail[:userid]

should be more severe than info, maybe even critical

@jmanico jmanico added ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. NEW_CS Issue about the creation of a new cheat sheet. HELP_WANTED Issue for which help is wanted to do the job. labels Dec 12, 2024
kwwall (Collaborator) commented Dec 12, 2024

IMO, 'critical' is probably overreacting, especially if the company still has a massive user base along with outdated mandatory password expiration and/or password complexity rules. In such situations, unless you are also comparing the 'New Password' and 'Confirm Password' on the client-side (which is advisable, but often not done), you are bound to have a lot of finger farts or violations of the password complexity rules that are still in place. And no one wants to deal with all that noise, especially if it's marked as critical. I personally think just logging it as a warning is adequate. Just my $.02.

jmanico (Member, Author) commented Dec 12, 2024

Right now it's just info, which I think is not enough. I'd at least like to see this get bumped to warn.

mackowski (Collaborator) commented

Agree. @jmanico, do you want to make a PR?

@mackowski mackowski added ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. UPDATE_CS Issue about the update/refactoring of a existing cheat sheet. and removed ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. NEW_CS Issue about the creation of a new cheat sheet. labels Jan 14, 2025
jmanico added a commit that referenced this issue Jan 16, 2025
mackowski pushed a commit that referenced this issue Jan 17, 2025
Addressing issue #1561