Tag Archives: CWE- 549

CWE-549 – Missing Password Field Masking

Read Time:19 Second

Description

The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-522

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Implementation, Requirements

Description: 

Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.

CVE References