Back to CWE list
CWE-549
Missing Password Field Masking
Base
Draft
Description
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Access Control
Impact
Bypass Protection Mechanism
Potential Mitigations
Implementation
Requirements
Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.
CVE-2025-0148Jenkins plugin for a video meeting product does not mask passwords
Applicable Platforms
Not Language-Specific
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now