CWE-549 - Missing Password Field Masking

Home/CWEs/CWE info/

CWE-549

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Missing Password Field Masking

Description: The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses: CWE-522Insufficiently Protected Credentials

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Latest Security News

North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS

A Hacker's Guide to Password Cracking

5 Most Common Malware Techniques in 2024

SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims

China-Aligned MirrorFace Hackers Target EU Diplomats with World Expo 2025 Bait

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Top Alert List

InformationalInformation Disclosure - Suspicious Comments

MediumAbsence of Anti-CSRF Tokens

LowCookie without SameSite Attribute

Cross-Domain Misconfiguration

MediumMissing Anti-clickjacking Header

MediumDirectory Browsing

LowCross-Domain JavaScript Source File Inclusion

LowInformation Disclosure - Debug Error Messages

Content Security Policy (CSP) Header Not Set

MediumCSP: Wildcard Directive

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Top CWE List

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

MediumCWE-250 Execution with Unnecessary Privileges

CWE-328 Use of Weak Hash

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1426 Improper Validation of Generative AI Output

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-290 Authentication Bypass by Spoofing

CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action

MediumCWE-353 Missing Support for Integrity Check

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-549 - Missing Password Field Masking

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.