If any clients had been logging that nonce, we could retrospectively catch any person in the middle.
Far too few services do strategic logging of data useful to catch attackers like this. Many attackers won't attack if they know traces will be left which can point to them.
The more I work with production systems, the more I appreciate healthy logs. We've solved at least a dozen big issues this past year with "just scan the logs and rebuild the historical data, we can pretend like we were monitoring that issue the whole time".
“debug level” and “prod level” logs are pretty arbitrarily drawn lines from organisation to organisation. If they’re intentionally running that logging level on prod, it’s prod level
Not the OP, but: kind of, yes. Enough logging for someone with access to the source code to stand a good chance of reverse engineering what happened (code trace) when something goes wrong, without having the user reproduce. This capability is built into the product and involves significant development effort in itself.
Far too few services do strategic logging of data useful to catch attackers like this. Many attackers won't attack if they know traces will be left which can point to them.