During a web-application penetration test you discover that the application's debug log file stores full OAuth bearer tokens in clear text. Which of the following best describes the security impact of this logging practice?
No impact, because bearer tokens are encrypted by default when written to a log.
Minimal impact, because log files are accessible only to system administrators.
Little impact, because tokens are invalid outside the original session context.
Attackers who obtain the log file can replay the tokens and impersonate users, leading to serious confidentiality breaches.
Bearer (and similar) authentication tokens grant whoever holds them the same access rights as the user for as long as the token remains valid. If an attacker gains read access to a log that stores these tokens in clear text, the attacker can replay the token to impersonate the user, access private data, or pivot further. Therefore the practice represents a serious confidentiality risk. Internal location or session context does not mitigate the threat, and bearer tokens are not encrypted by default.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an authentication token?
Open an interactive chat with Bash
Why is it important to encrypt logs?
Open an interactive chat with Bash
How can attackers use unencrypted logs to impersonate users?