7.1.1 Credentials or payment details are not logged. Session tokens are logged in a hashed formΒΆ
Verify that the application does not log credentials or payment details. Session tokens should only be stored in logs in an irreversible, hashed form. (C9, C10)
| Level 1 | X |
| Level 2 | X |
| Level 3 | X |
| CWE | NIST |
|---|---|
| 532 |