CWE · MITRE source
CWE-549Missing Password Field Masking
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Last updated: 04 July 2026 00:28 UTC
Cumulative inbound coverage
How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.
Collective: full · 1 mapping(s) from 1 framework(s): ASVS 5.0 1 (full)
NIST 800-53 r5 controls that address this weakness (1)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
IA-6 | Authentication Feedback | IA | Obscuring feedback includes masking password input (e.g., asterisks), which addresses the weakness of missing password field masking. |
MITRE ATT&CK techniques this weakness enables
Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.
Direction: ← other covers this;
→ this covers other (F/M/P = full / mostly /
partial).
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2022-22550 | 3.5 | 6.7 | 0.0022 | 2022-04-12 |
CVE-2022-1342 | 3.5 | 4.6 | 0.0038 | 2022-06-15 |
CVE-2022-20914 | 3.5 | 4.9 | 0.0080 | 2022-08-10 |
CVE-2023-1763 | 3.5 | 6.5 | 0.0028 | 2023-05-17 |
CVE-2023-2062 | 3.5 | 6.2 | 0.0033 | 2023-06-02 |
CVE-2023-49106 | 3.5 | 4.6 | 0.0044 | 2024-01-16 |
CVE-2025-31727 | 3.5 | 5.5 | 0.0027 | 2025-04-02 |
CVE-2025-31728 | 3.5 | 5.5 | 0.0027 | 2025-04-02 |
CVE-2025-4526 UPD | 3.5 | 4.3 | 0.0023 | 2025-05-11 |
CVE-2025-42904 | 3.5 | 6.5 | 0.0028 | 2025-12-09 |
CVE-2026-3314 UPD | 3.5 | 4.6 | 0.0018 | 2026-05-26 |
CVE-2024-10122 | 1.5 | 2.7 | 0.0048 | 2024-10-18 |
CVE-2025-0148 | 1.5 | 2.6 | 0.0017 | 2025-02-03 |
CVE-2025-30197 | 1.5 | 3.1 | 0.0026 | 2025-03-19 |
CVE-2025-64170 | 1.5 | 3.8 | 0.0012 | 2025-11-12 |