CWE-549: Missing Password Field Masking
The product does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords.
Last updated
Overview
CWE-549 (Missing Password Field Masking) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Real-world CVEs
16 recorded CVEs are caused by CWE-549 (Missing Password Field Masking). The highest-severity and most recent are shown first. 2 new CWE-549 CVEs have been recorded so far in 2026 (7 in 2025).