CWE-549

Missing Password Field Masking

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Mitigation

Phases: Implementation, Requirements

Description:

  • Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.

No CAPEC attack patterns related to this CWE.
