
#0705

Password Exposed in Log Entry

Hard | +200 XP | A07:2021 Identification and Authentication Failures | CWE-532
Sensitive Data Exposure | Logging | Password

Scenario

A login service logs every authentication attempt for audit purposes — including the plaintext password supplied by the user.

Log aggregators, SIEM tools, and anyone with read access to log files can harvest credentials. A single log-pipeline misconfiguration can expose every user's password.

Log entries must record who attempted to log in and whether it succeeded, but must never include credentials.

Credentials in logs violate multiple compliance frameworks (PCI-DSS, SOC 2, GDPR). Log aggregation pipelines are frequently breached or misconfigured — once passwords land in logs, they are nearly impossible to fully purge.

Your Tasks

  1. Fix logLoginAttempt so the returned log object does NOT include the password.
  2. The returned object must have username and success fields.
  3. The hasPassword field must be false after the fix.

Examples

Example 1: Vulnerable — password leaked

logLoginAttempt('alice', 'hunter2', true)
// → { username:'alice', success:true, hasPassword:true }

Example 2: Fixed — password omitted

logLoginAttempt('alice', 'hunter2', true)
// → { username:'alice', success:true, hasPassword:false }

Constraints

  • Return an object with shape { username: string, success: boolean, hasPassword: boolean }.
  • hasPassword must be false in the fixed version.
  • Do not change the function signature.
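The leaking function beside the fixed one, as an added example rather than the challenge's own solution.js; the sensitive-key list, the containsCredential check and the scrub helper are assumptions for this example, showing how a log sink can catch a credential whether it arrives as a named field or embedded in a formatted message string:

```javascript
// Added example (not the challenge's solution.js): leaking version beside the fixed
// one, plus a sink-side guard that catches credentials before an entry is written.

// Field names a log sink should never carry; assumed list for this example.
const SENSITIVE_KEYS = new Set(['password', 'passwd', 'pwd', 'secret', 'token']);

// Collect every string value in a (possibly nested) plain object.
function stringValues(obj) {
  return Object.values(obj).flatMap((v) =>
    typeof v === 'string' ? [v] : v && typeof v === 'object' ? stringValues(v) : []);
}

// True if the entry names a credential field or embeds the secret inside any string,
// so a leak through a formatted message line is caught as well as a named field.
function containsCredential(entry, secret) {
  const byKey = Object.keys(entry).some((k) => SENSITIVE_KEYS.has(k.toLowerCase()));
  const byValue = typeof secret === 'string' && secret.length > 0 &&
    stringValues(entry).some((s) => s.includes(secret));
  return byKey || byValue;
}

// Sink-side defence in depth: drop credential fields from any entry that slipped through.
function scrub(entry) {
  return Object.fromEntries(Object.entries(entry)
    .filter(([k]) => !SENSITIVE_KEYS.has(k.toLowerCase())));
}

// VULNERABLE: the audit entry stores the plaintext password next to the outcome.
function logLoginAttemptVulnerable(username, password, success) {
  const entry = {
    event: 'login',
    username,
    password,                                               // the defect
    success,
    message: `login ${username}:${password} -> ${success}`, // second copy of the defect
  };
  return { username: entry.username, success: entry.success,
           hasPassword: containsCredential(entry, password) };
}

// FIXED: same signature; the password is accepted but never written into the entry.
function logLoginAttempt(username, password, success) {
  const entry = { event: 'login', username, success, message: `login ${username} -> ${success}` };
  return { username: entry.username, success: entry.success,
           hasPassword: containsCredential(entry, password) };
}
```

The value scan can false-positive when the password happens to be a substring of a legitimately logged string, such as the username itself; treat a hit as a reason to drop the entry rather than as proof of a bug.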
