Monday, 9 February 2015

Invalid passwords leaked to logfiles



My company recently discovered that we're logging invalid login attempts, along with usernames and passwords. Those logfiles are stored on several machines and accessible to all team members.


What are the threats posed by this situation? Should we notify users about that or just remove entries from logs and move on (those were invalid passwords after all)?


Bonus question: How can I convince decision-makers to make the right choice?
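An added example, not part of the original post, showing in Python the logging pattern the question describes beside a version that never hands the submitted password to the logger, a logging filter that redacts secrets as a backstop, and a scan that finds password values already written to existing logs. The log line format, the key names, and the sample log lines are assumptions constructed for this example.

```python
import io
import logging
import re

# Constructed sample log lines (not from the original post), in the assumed format
# "<timestamp> auth FAILED user=<name> password=<secret>".
SAMPLE_LOG = """\
2015-02-09T10:12:01 auth FAILED user=alice password=Tr0ub4dor&3
2015-02-09T10:12:05 auth OK user=alice
2015-02-09T10:13:44 auth FAILED user=bob password=hunter2
"""

# Assumed names under which secrets tend to appear as key=value pairs in log lines.
SENSITIVE_KEYS = ("password", "passwd", "pwd", "secret", "token")
# key=value where the key is sensitive; the value runs up to the next whitespace.
_SENSITIVE_RE = re.compile(r"(?i)\b(%s)=(\S+)" % "|".join(SENSITIVE_KEYS))


def scrub(message: str) -> str:
    """Replace the value of every sensitive key=value pair with [REDACTED]."""
    return _SENSITIVE_RE.sub(lambda m: "%s=[REDACTED]" % m.group(1), message)


class ScrubbingFilter(logging.Filter):
    """Redacts secrets in the rendered message before any handler writes it out."""

    def filter(self, record):
        record.msg = scrub(record.getMessage())
        record.args = ()  # message is already rendered; nothing left to format
        return True


def find_leaks(log_text: str):
    """Return (line_no, key, value) for each sensitive pair found in existing log text."""
    leaks = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for m in _SENSITIVE_RE.finditer(line):
            leaks.append((n, m.group(1).lower(), m.group(2)))
    return leaks


def log_failed_login_vulnerable(logger, user, password):
    """The pattern the question describes: the submitted password goes into the record."""
    logger.warning("auth FAILED user=%s password=%s", user, password)


def log_failed_login_safe(logger, user, password):
    """Hardened: log who and when, plus a non-secret hint; the secret never reaches the logger."""
    logger.warning("auth FAILED user=%s password_len=%d", user, len(password))


def capture_with_filter(use_safe: bool) -> str:
    """Log one failed attempt through a handler carrying ScrubbingFilter; return what was written."""
    buf = io.StringIO()
    logger = logging.getLogger("auth-demo-safe" if use_safe else "auth-demo-vulnerable")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.WARNING)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(message)s"))
    handler.addFilter(ScrubbingFilter())
    logger.addHandler(handler)
    fn = log_failed_login_safe if use_safe else log_failed_login_vulnerable
    fn(logger, "alice", "hunter2")
    return buf.getvalue().strip()


if __name__ == "__main__":
    for line_no, key, value in find_leaks(SAMPLE_LOG):
        print("leak on line %d: %s=%s" % (line_no, key, value))
    print("vulnerable + filter:", capture_with_filter(use_safe=False))
    print("safe      + filter:", capture_with_filter(use_safe=True))
```

The filter is only a backstop for call sites you have not found yet; the real fix is the safe variant, which records what an investigator needs (who, when, how many failures) and never the submitted secret. Invalid passwords warrant the same handling as valid ones: many are one typo away from the real password, or are the user's valid password for some other service.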




