diff --git a/CHANGELOG.md b/CHANGELOG.md
index e148a74aab..2da58d7629 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,18 +5,23 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 ## 0.14.0 (2023/10/10)
 
 ### Deprecations/Changes
-* Per the note in Boundary 0.12.0, the `vault` credential library subtype has now been
-  removed in favor of `vault-generic`. For example, instead of `boundary
-  credential-libraries create vault`, you must use `boundary
+
+* Per the note in Boundary 0.12.0, the `vault` credential library subtype has
+  now been removed in favor of `vault-generic`. For example, instead of
+  `boundary credential-libraries create vault`, you must use `boundary
   credential-libraries create vault-generic`.
 * Per the note in Boundary 0.12.0, errors returned from the cli when using the
   `-format=json` option will now only use the `status_code` field. The `status`
   field has been removed.
-* Per the note in Boundary 0.12.0, targets require a default port value. Ports defined as part of a host address
-  were ignored but allowed as part of a target definition; from 0.14.0 onwards, any port defined on a host address will 
-  now become an error.
-* Targets: Per the note in Boundary 0.10.10, target Application Credentials has been renamed to Brokered Credentials. 
-  `application-credential-source` has been removed as a field. `brokered-credential-source` should be used instead. ([PR](https://github.com/hashicorp/boundary/pull/3728), [deprecated changelog](#0100-20220810)).
+* Per the note in Boundary 0.12.0, targets require a default port value. Ports
+  defined as part of a host address were ignored but allowed as part of a target
+  definition; from 0.14.0 onwards, any port defined on a host address will now
+  become an error.
+* Targets: Per the note in Boundary 0.10.10, target Application Credentials has
+  been renamed to Brokered Credentials. `application-credential-source` has been
+  removed as a field. `brokered-credential-source` should be used instead.
+  ([PR](https://github.com/hashicorp/boundary/pull/3728), [deprecated
+  changelog](#0100-20220810)).
 
 ### New and Improved
 
@@ -31,8 +36,10 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
   ([PR](https://github.com/hashicorp/boundary/pull/3650)).
 * feat: allow HCP cluster id to be sourced from file or env variable
     ([PR](https://github.com/hashicorp/boundary/pull/3709)).
-* feat: add support for telemetry events via flag or Boundary configuration (requires observation events to be enabled).
-Deny filter now filters coordination worker status from observation events by default. (This behaviour is overridden by any user specified allow or deny filters)
+* feat: add support for telemetry events via flag or Boundary configuration
+  (requires observation events to be enabled). Deny filter now filters
+  coordination worker status from observation events by default. (This behavior
+  is overridden by any user specified allow or deny filters)
   ([PR](https://github.com/hashicorp/boundary/pull/3753)).
 * ui: Add full UI support for LDAP auth method
   ([PR](https://github.com/hashicorp/boundary-ui/pull/1782))
@@ -46,6 +53,9 @@ Deny filter now filters coordination worker status from observation events by de
 * targets: Fix address field not being populated if the number of targets on a
   list returns more than 10000 entries
   ([PR](https://github.com/hashicorp/boundary/pull/3644))
+* cli: Fix issue when using the `authenticate` command against a password auth
+  method on Windows where the password would be swallowed when the login name is
+  submitted ([PR](https://github.com/hashicorp/boundary/pull/3800))
 
 ## 0.13.1 (2023/07/10)
 
diff --git a/go.mod b/go.mod
index b765aac145..6c28fa1501 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.7
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.3
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7
-	github.com/hashicorp/go-secure-stdlib/password v0.1.2
+	github.com/hashicorp/go-secure-stdlib/password v0.1.3
 	github.com/hashicorp/go-secure-stdlib/pluginutil/v2 v2.0.4
 	github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
diff --git a/go.sum b/go.sum
index d5f62e90c5..d21a6a87d8 100644
--- a/go.sum
+++ b/go.sum
@@ -364,8 +364,8 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 h1:UpiO20jno/eV1eVZcxqWnUohyKRe1g8FPV/xH1s/2qs=
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
 github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
-github.com/hashicorp/go-secure-stdlib/password v0.1.2 h1:fcaMDeWE3a3PiCijEhRZaka7QxAN/AJwCAcQxg7MqBQ=
-github.com/hashicorp/go-secure-stdlib/password v0.1.2/go.mod h1:zO6IH1UOstJM0DZ/qzxCz2Jym+nkdvNtej4/3RpH+DQ=
+github.com/hashicorp/go-secure-stdlib/password v0.1.3 h1:/2S3qhBDGbI0DoSgSC8m9EaiRelgGrJmApZIDb/8Xv8=
+github.com/hashicorp/go-secure-stdlib/password v0.1.3/go.mod h1:JPOgAG+z70auO30+LCRhvZKxGAh8cfXorXNJWGlFiVQ=
 github.com/hashicorp/go-secure-stdlib/pluginutil/v2 v2.0.4 h1:IU2iGcvthrJ53rPbQU6B4+iVs/cLPO89ti5dd2XEj3k=
 github.com/hashicorp/go-secure-stdlib/pluginutil/v2 v2.0.4/go.mod h1:TDJ8YE+fJNEW7OQUqL9RjB6SPieLUxvKzrt8u19qOkg=
 github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI=
@@ -799,7 +799,6 @@ golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5y
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
-golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE=
 golang.org/x/crypto v0.13.0 h1:mvySKfSWJ+UKUii46M40LOvyWfN0s2U+46/jDd0e6Ck=
 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -882,7 +881,6 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
 golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
 golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
 golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
@@ -986,7 +984,6 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.12.0 h1:/ZfYdc3zq+q02Rv9vGqTeSItdzZTSNDmfTi0mBAuidU=
 golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=