Base · Draft

CWE-549: Missing Password Field Masking

Category: auth

Description

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Common consequences · 1

  • Access Control — Bypass Protection Mechanism

Potential mitigations · 1

  • [Implementation, Requirements] Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.

References

  1. https://cwe.mitre.org/data/definitions/549.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Missing Encryption of Sensitive Data
  • CWE — Weak Password Requirements
  • CWE — Insufficiently Protected Credentials
  • CWE — Weak Password Recovery Mechanism for Forgotten Password
  • CWE — Not Using Password Aging
  • CWE — Use of Hard-coded Password

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.