CWE-549 (Missing Password Field Masking) — Vulnerability Class 12

12 vulnerabilities classified as CWE-549 (Missing Password Field Masking). AI Chinese analysis included.

CWE-549 is a weakness in which software fails to obscure password characters during entry, leaving the credential visible in plain text on screen. It is typically exploited through shoulder surfing or local screen capture, where an attacker observes or records authentication details as they are typed. No complex technical intrusion is required: anyone who can see or record the display can capture the password. Developers mitigate the risk with standard UI security practice, configuring password input fields to display masking characters such as asterisks or dots. Using the appropriate type attributes or masking libraries for password fields prevents visual exposure and keeps the authentication process confidential.

MITRE CWE Description

The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.

Common Consequences (1)

Access Control: Bypass Protection Mechanism

Mitigations (1)

Implementation, Requirements: Recommendations include requiring all password fields in your web application be masked to prevent other users from seeing this information.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13175 | Insecure Password Storage in Y Soft SafeQ 6 — SafeQ 6 | 4.9 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-42904 | Information Disclosure vulnerability in Application Server ABAP — Application Server ABAP | 6.5 | Medium | 2025-12-09 |
| CVE-2025-64170 | sudo-rs: Partial password reveal is possible after timeout — sudo-rs | 3.8 | Low | 2025-11-12 |
| CVE-2025-4526 | Dígitro NGC Explorer Configuration Page missing password field masking — NGC Explorer | 4.3 | Medium | 2025-05-11 |
| CVE-2025-0148 | Zoom Jenkins Marketplace plugin - Missing Password Field Masking — Zoom Jenkins Marketplace plugin | 2.6 | Low | 2025-02-03 |
| CVE-2024-10122 | Topdata Inner Rep Plus WebServer Operator Details Form InnerRepPlus.html missing password field masking — Inner Rep Plus WebServer | 2.7 | Low | 2024-10-18 |
| CVE-2023-49106 | Missing Password Field Masking Vulnerability in Hitachi Device Manager — Hitachi Device Manager | 4.6 | Medium | 2024-01-16 |
| CVE-2023-2062 | Information Disclosure vulnerability in EtherNet/IP Configuration tools — EtherNet/IP Configuration tool for RJ71EIP91 SW1DNN-EIPCT-BD | 6.2 | Medium | 2023-06-02 |
| CVE-2023-1763 | Canon IJ Network Tool security vulnerability — Canon IJ NW Tool | 6.5 | Medium | 2023-05-17 |
| CVE-2022-20914 | Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability — Cisco Identity Services Engine Software | 4.9 | Medium | 2022-08-10 |
| CVE-2022-1342 | Devolutions Remote Desktop Manager security vulnerability — Remote Desktop Manager | 4.6 | - | 2022-06-15 |
| CVE-2022-22550 | Dell Technologies Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 6.7 | Medium | 2022-04-12 |

Vulnerabilities classified as CWE-549 (Missing Password Field Masking) account for 12 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.