CWE-549 - Missing Password Field Masking

Home/CWEs/CWE info/

CWE-549

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Missing Password Field Masking

Description: The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Common Consequences: Scope: Access Control
Impact: Bypass Protection Mechanism

Related Weaknesses: CWE-522Insufficiently Protected Credentials

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Latest Security News

Windows 11 24H2 update blocked on PCs with Assassin's Creed, Star Wars Outlaws

Microsoft testing Windows 11 support for third-party passkeys

Hackers abuse Avast anti-rootkit driver to disable defenses

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Windows 10 KB5046714 update fixes bug preventing app uninstalls

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Common Alerts

HighSQL Injection

HighSource Code Disclosure - File Inclusion

InformationalLoosely Scoped Cookie

InformationalInformation Disclosure - Suspicious Comments in XML via WebSocket

InformationalImage Exposes Location or Privacy Data

MediumRelative Path Confusion

Medium.htaccess Information Leak

HighExpression Language Injection

MediumExponential Entity Expansion (Billion Laughs Attack)

InformationalNon-Storable Content

Top CVE List

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

Top CWE List

CWE-328 Use of Weak Hash

CWE-15 External Control of System or Configuration Setting

CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session

CWE-1426 Improper Validation of Generative AI Output

MediumCWE-250 Execution with Unnecessary Privileges

CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

HighCWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-1245 Improper Finite State Machines (FSMs) in Hardware Logic

MediumCWE-190 Integer Overflow or Wraparound

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-549 - Missing Password Field Masking

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.