CWE-549
Missing Password Field Masking
AI Translation Available
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Status
draft
Abstraction
base
Affected Platforms
Not Technology-Specific
Web Based
Technical Details
AI Translation
Common Consequences
access control
Impacts
bypass protection mechanism
Detection Methods
automated static analysis
Potential Mitigations
Phases:
implementation
requirements
Descriptions:
•
Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.