DerScanner
Home / Vulnerability Database / Config files : Unhidden password field
Config files

Config files : Unhidden password field

Classification

OWASP Top 10 2013
A2-Broken Authentication and Session ManagementA6-Sensitive Data Exposure
OWASP Top 10 2017
A2-Broken AuthenticationA3-Sensitive Data Exposure
OWASP Top 10 2021
A2-Cryptographic FailuresA4-Insecure DesignA7-Identification and Authentication Failures
OWASP ASVS
AuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthenticationAuthentication
PCI DSS 4.0
6.2.48.3.2
HIPAA
§164.312 (a)(1)§164.312 (a)(2)(iv)
CWE
CWE-256CWE-260CWE-261CWE-522CWE-1028CWE-1032
CWE/SANS Top 25 2021
CWE-522

Overview

The application may have an unhidden password field. This can lead to the application data being compromised.

References

  1. OWASP Top 10 2017-A2-Broken Authentication
  2. OWASP Top 10 2017-A3-Sensitive Data Exposure
  3. OWASP Top 10 2013-A5-Security Misconfiguration
  4. OWASP Top 10 2013-A6-Sensitive Data Exposure
  5. CWE-261: Weak Encoding for Password
  6. CWE CATEGORY: OWASP Top Ten 2017 Category A2 - Broken Authentication
  7. CWE CATEGORY: OWASP Top Ten 2017 Category A6 - Security Misconfiguration
  8. CWE-256: Unprotected Storage of Credentials
  9. CWE-260: Password in Configuration File
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : Unhidden password field in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection