File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes Password Filed Not Masked Vulnerability.. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Password Filed Not Masked Vulnerability.." Watch "Password Filed Not Masked Vulnerability.." New topic
Author

Password Filed Not Masked Vulnerability..

chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi All,

Recently our Web Application has gone through a Security Scanner and found the Vulnerability "Password Field Not Masked".

Could some one give the possible mechanisms to fix this vulnerability..?

Many Thanks.
Chandra
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42926
    
  68
Are you using type="password" for the field, or the same type="text" you'd use for the username?
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi,

We are using the type="password" for the password field,
but There is one hidden field with the name "password" in the html page.
I think this is the source of the Vulnerability.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Password Filed Not Masked Vulnerability..