A friendly place for programming greenhorns!
Big Moose Saloon
Search
|
Java FAQ
|
Recent Topics
Register / Login
Win a copy of
The Mikado Method
this week in the
Agile and other Processes
forum!
JavaRanch
»
Java Forums
»
Engineering
»
Security
Author
Password Filed Not Masked Vulnerability..
chandra kambham
Ranch Hand
Joined: Jun 09, 2008
Posts: 74
posted
Jul 16, 2009 04:51:45
0
Hi All,
Recently our Web Application has gone through a Security Scanner and found the Vulnerability "Password Field Not Masked".
Could some one give the possible mechanisms to fix this vulnerability..?
Many Thanks.
Chandra
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35241
7
posted
Jul 16, 2009 05:06:53
0
Are you using type="password" for the field, or the same type="text" you'd use for the username?
Android apps
–
ImageJ plugins
–
Java web charts
chandra kambham
Ranch Hand
Joined: Jun 09, 2008
Posts: 74
posted
Jul 16, 2009 05:23:54
0
Hi,
We are using the type="password" for the password field,
but There is one hidden field with the name "password" in the html page.
I think this is the source of the Vulnerability.
I agree. Here's the link:
http://zeroturnaround.com/jrebel
- it saves me about five hours per week
subject: Password Filed Not Masked Vulnerability..
Similar Threads
Hide password when accepting from command line
How int of Float.POSITIVE_INFINITY in Integer.MAX_VALUE?
ContentSpoofing
Another bash at java by Microsoft
what password you usually put in social networking?
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
0
