NIST 800-53 r5 · Controls catalogue · Family IA
IA-6Authentication Feedback
Obscure feedback of authentication information during the authentication process to protect the information from possible exploitation and use by unauthorized individuals.
Last updated: 19 May 2026 14:18 UTC
Implementations targeting this control (0)
- No implementations targeting this control yet.
ATT&CK techniques this control mitigates (8)
- T1021.001 Remote Desktop Protocol Lateral Movement
- T1021.005 VNC Lateral Movement
- T1530 Data from Cloud Storage Collection
- T1563 Remote Service Session Hijacking Lateral Movement
- T1578 Modify Cloud Compute Infrastructure Defense Impairment
- T1578.001 Create Snapshot Defense Impairment
- T1578.002 Create Cloud Instance Defense Impairment
- T1578.003 Delete Cloud Instance Defense Impairment
Weaknesses this control addresses (3)AI
CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.
| CWE | Name | CVEs | Why this control addresses it |
|---|---|---|---|
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | 10,259 | Obscuring authentication feedback prevents exposure of sensitive information such as valid usernames or failure reasons to unauthorized actors. |
CWE-209 | Generation of Error Message Containing Sensitive Information | 648 | The control directly mitigates generation of error messages containing sensitive authentication details by requiring obscured feedback instead of verbose responses. |
CWE-549 | Missing Password Field Masking | 15 | Obscuring feedback includes masking password input (e.g., asterisks), which addresses the weakness of missing password field masking. |
Top CVEs where this control is the strongest mitigation
| CVE | Risk | CVSS | EPSS | Match |
|---|---|---|---|---|
CVE-2016-20030 | 2.0 | 9.8 | 0.0004 | good |
CVE-2025-31229 | 1.8 | 9.1 | 0.0013 | good |
CVE-2025-2277 | 1.5 | 7.5 | 0.0030 | good |
CVE-2025-12455 | 1.5 | 7.5 | 0.0005 | good |
CVE-2026-25222 | 1.5 | 7.5 | 0.0004 | good |
CVE-2025-24011 | 3.2 | 5.3 | 0.3516 | good |
CVE-2025-12995 | 1.6 | 8.1 | 0.0009 | partial |
CVE-2025-15103 | 1.6 | 8.1 | 0.0012 | good |
CVE-2026-33419 | 1.5 | 7.5 | 0.0002 | good |
CVE-2026-4113 UPD | 1.4 | 7.2 | 0.0010 | good |
CVE-2025-58434 | 3.9 | 9.8 | 0.3255 | good |
CVE-2026-6284 | 1.8 | 9.1 | 0.0002 | partial |
CVE-2026-34578 | 1.7 | 8.2 | 0.0022 | good |