Password Field Not Masked Vulnerability

chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi All,

Recently our web application went through a security scanner, which found the vulnerability "Password Field Not Masked".

Could someone give the possible mechanisms to fix this vulnerability?

Many Thanks.
Chandra
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
    
Are you using type="password" for the field, or the same type="text" you'd use for the username?


Ping & DNS - updated with new look and Ping home screen widget
chandra kambham
Ranch Hand

Joined: Jun 09, 2008
Posts: 74
Hi,

We are using type="password" for the password field,
but there is one hidden field with the name "password" in the HTML page.
I think this is the source of the vulnerability.
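
An added example, not part of the thread and not any scanner's own code: a small Python check that lists every `<input>` whose name or id suggests a password and reports the ones whose type is not `password`, which covers both the `type="text"` case and the hidden field described above. The name heuristic (`SENSITIVE_HINTS`) and the sample markup are assumptions constructed for illustration; whether the scanner in question applies the same rule is not confirmed by the thread.

```python
from html.parser import HTMLParser

# Substrings that suggest a field carries a credential (assumed heuristic).
SENSITIVE_HINTS = ("pass", "pwd")


class PasswordFieldAudit(HTMLParser):
    """Collects <input> elements that look like password fields but are not masked."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        label = (a.get("name", "") + " " + a.get("id", "")).lower()
        if not any(hint in label for hint in SENSITIVE_HINTS):
            return
        field_type = a.get("type", "text").lower()  # a missing type defaults to "text"
        if field_type != "password":
            line, _ = self.getpos()
            self.findings.append({
                "line": line,
                "name": a.get("name") or a.get("id"),
                "type": field_type,
                "has_value": bool(a.get("value")),  # a pre-filled value sits in the page source
            })


def audit(html):
    """Return one finding per password-like input that is not type="password"."""
    parser = PasswordFieldAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a masked field plus a hidden field also named "password".
SAMPLE = """<form method="post" action="/login">
  <input type="text" name="username">
  <input type="password" name="password" autocomplete="current-password">
  <input type="hidden" name="password" value="">
</form>"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"line {f['line']}: name={f['name']!r} type={f['type']!r} value present={f['has_value']}")
```

Run against the rendered login page, this points at the exact element to rename or remove.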

 