CWE · MITRE source
CWE-549Missing Password Field Masking
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
IA-6 | Authentication Feedback | IA | Obscuring feedback includes masking password input (e.g., asterisks), which addresses the weakness of missing password field masking. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2022-22550 | 1.3 | 6.7 | 0.0004 | 2022-04-12 |
CVE-2023-1763 | 1.3 | 6.5 | 0.0005 | 2023-05-17 |
CVE-2025-42904 | 1.3 | 6.5 | 0.0003 | 2025-12-09 |
CVE-2023-2062 | 1.2 | 6.2 | 0.0007 | 2023-06-02 |
CVE-2025-31727 | 1.1 | 5.5 | 0.0012 | 2025-04-02 |
CVE-2025-31728 | 1.1 | 5.5 | 0.0009 | 2025-04-02 |
CVE-2022-20914 | 1.0 | 4.9 | 0.0015 | 2022-08-10 |
CVE-2022-1342 | 0.9 | 4.6 | 0.0006 | 2022-06-15 |
CVE-2023-49106 | 0.9 | 4.6 | 0.0008 | 2024-01-16 |
CVE-2025-4526 | 0.9 | 4.3 | 0.0011 | 2025-05-11 |
CVE-2025-64170 | 0.8 | 3.8 | 0.0001 | 2025-11-12 |
CVE-2025-30197 | 0.6 | 3.1 | 0.0009 | 2025-03-19 |
CVE-2024-10122 | 0.5 | 2.7 | 0.0007 | 2024-10-18 |
CVE-2025-0148 | 0.5 | 2.6 | 0.0012 | 2025-02-03 |
CVE-2025-13175 | 0.0 | 0.0 | 0.0005 | 2026-01-14 |