This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Security and the fly likes Password Filed Not Masked Vulnerability.. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Engineering » Security
Bookmark "Password Filed Not Masked Vulnerability.." Watch "Password Filed Not Masked Vulnerability.." New topic
Author

Password Filed Not Masked Vulnerability..

chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi All,

Recently our Web Application has gone through a Security Scanner and found the Vulnerability "Password Field Not Masked".

Could some one give the possible mechanisms to fix this vulnerability..?

Many Thanks.
Chandra
Ulf Dittmer
Rancher

Joined: Mar 22, 2005
Posts: 42958
    
  73
Are you using type="password" for the field, or the same type="text" you'd use for the username?
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi,

We are using the type="password" for the password field,
but There is one hidden field with the name "password" in the html page.
I think this is the source of the Vulnerability.

 
Have you checked out Aspose?
 
subject: Password Filed Not Masked Vulnerability..
 
It's not a secret anymore!