Missing Password Field Masking
Weakness ID: 549 (Weakness Variant)
Status: Draft
+ Description

Description Summary

The software fails to mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
+ Time of Introduction
  • Implementation
+ Potential Mitigations

Require that all password fields in your web application be masked, so that other users cannot see this information.

+ Other Notes

Basic web application security measures include masking all passwords entered by a user when logging in to a web application. Normally, each character of the password the user enters is displayed as an asterisk instead of the character itself.

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 255 | Credentials Management | Development Concepts (primary) 699 |
| ChildOf | Category | 355 | User Interface Security Issues | Development Concepts 699 |
| ChildOf | Weakness Base | 522 | Insufficiently Protected Credentials | Research Concepts (primary) 1000 |
+ Content History
Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | Anonymous Tool Vendor (under NDA) | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | Changes |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Taxonomy Mappings |
| 2009-07-27 | CWE Content Team | MITRE | Internal | updated Relationships |