The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.
View on MITREThis can be resultant, e.g. a buffer overflow might trigger a crash before the product can log the event.
No mitigation information available for this CWE.
No detection method information available for this CWE.
This code logs suspicious multiple login attempts.
This code only logs failed login attempts when a certain limit is reached. If an attacker knows this limit, they can stop their attack from being discovered by avoiding the limit.
Web browser's filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.
View Detailsapplication server does not log complete URI of a long request (truncation).
View DetailsLogin attempts are not recorded if the user disconnects before the maximum number of tries.
View DetailsAttacker performs malicious actions on a hard link to a file, obscuring the real target file.
View DetailsProduct does not warn user when document contains certain dangerous functions or macros.
View DetailsNo relationship information available for this CWE.
CWE-221: Information Loss or Omission is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. This can be resultant, e.g. a buffer overflow might trigger a crash before the product can log the event.
If exploited, CWE-221 (Information Loss or Omission) it can compromise Non-Repudiation, leading to outcomes such as Hide Activities.
CWE-221 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-221, including CVE-2004-2227, CVE-2003-0412, CVE-1999-1029, CVE-2002-0725 and CVE-1999-1055. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-221 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.