This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Security and the fly likes Password Filed Not Masked Vulnerability.. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Password Filed Not Masked Vulnerability.." Watch "Password Filed Not Masked Vulnerability.." New topic
Author

Password Filed Not Masked Vulnerability..

chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi All,

Recently our Web Application has gone through a Security Scanner and found the Vulnerability "Password Field Not Masked".

Could some one give the possible mechanisms to fix this vulnerability..?

Many Thanks.
Chandra
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41151
    
  45
Are you using type="password" for the field, or the same type="text" you'd use for the username?


Ping & DNS - my free Android networking tools app
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi,

We are using the type="password" for the password field,
but There is one hidden field with the name "password" in the html page.
I think this is the source of the Vulnerability.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Password Filed Not Masked Vulnerability..
 
Similar Threads
How int of Float.POSITIVE_INFINITY in Integer.MAX_VALUE?
Another bash at java by Microsoft
ContentSpoofing
Hide password when accepting from command line
what password you usually put in social networking?