
CWE-549: Missing Password Field Masking

Status: Draft
Weakness ID: 549 (Weakness Variant)
Description
Summary

The software fails to mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Potential Mitigations

Require that all password fields in your web application be masked, so that other users cannot see this information as it is entered.

Other Notes

Basic web application security measures include masking all passwords entered by a user when logging in to a web application. Normally, each character in a password entered by a user is instead represented with an asterisk.
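
One way to audit pages for this weakness is shown below. It is an added example, not part of the CWE entry: it flags input elements whose attributes suggest a password but whose type renders typed characters in clear text. The hint pattern, the function name find_unmasked_password_fields and the sample form are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic (assumption of this example): attribute values that suggest a password.
SECRET_HINT = re.compile(r"(?<![a-z])pass(?![a-z])|pass(word|wd|phrase|code)|pwd", re.I)
# Input types that display what the user types.
CLEAR_TYPES = {"", "text", "search", "email", "tel", "url"}
HINT_ATTRS = ("name", "id", "placeholder", "autocomplete", "aria-label")

class UnmaskedPasswordFinder(HTMLParser):
    """Collects <input> elements that look like password fields but are not masked."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k: (v or "") for k, v in attrs}
        # A missing type attribute means type="text" in browsers.
        input_type = a.get("type", "text").strip().lower()
        if input_type not in CLEAR_TYPES:
            return  # masked (password) or not a typed field (hidden, checkbox, ...)
        hints = " ".join(a.get(k, "") for k in HINT_ATTRS)
        if SECRET_HINT.search(hints):
            line, _ = self.getpos()
            self.findings.append(
                {"line": line, "name": a.get("name") or a.get("id"), "type": input_type}
            )

def find_unmasked_password_fields(html):
    finder = UnmaskedPasswordFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample form: lines 3 and 5 are unmasked password fields.
SAMPLE = """\
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="text" name="password">
  <input type="password" name="confirm_password">
  <input name="user_pwd" placeholder="Enter value">
  <input type="hidden" name="password_policy_version" value="2">
  <input type="text" name="passenger_name">
</form>
"""

if __name__ == "__main__":
    for f in find_unmasked_password_fields(SAMPLE):
        print(f"line {f['line']}: input '{f['name']}' has type '{f['type']}', expected 'password'")
```

The check is static and name-based, so fields whose type is changed by script at run time, or whose names give no hint, need a review of the rendered page.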

Relationships
Nature  | Type           | ID  | Name                                 | View(s) this relationship pertains to
ChildOf | Category       | 255 | Credentials Management               | Development Concepts (primary) 699
ChildOf | Category       | 355 | User Interface Security Issues       | Development Concepts 699
ChildOf | Weakness Base  | 522 | Insufficiently Protected Credentials | Research Concepts 1000
ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary) 1000
Taxonomy Mappings
Mapped Taxonomy Name
Anonymous Tool Vendor (under NDA)
Time of Introduction
* Implementation
Content History
Submissions
Anonymous Tool Vendor (under NDA). (Externally Mined)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Other_Notes, Taxonomy_Mappings
Page Last Updated: November 24, 2008