Critical Severity
🔴 Plaintext Password Storage
🧠 Description
Passwords are stored as the literal value the user typed (not as a salted, slow hash) in the database. Reversible encryption is not a fix: anyone who obtains the database together with the key, or an attacker with SQL injection or backup access, recovers every credential at once. Because users reuse passwords, a leak from one application is immediately usable against others.
Impact: Mass Account Compromise, Credential Reuse Attacks (credential stuffing against other services)
🔍 Detection
- Inspect the users table (or a dump/backup) for values that are not in a recognisable hash format (bcrypt `$2b$`, Argon2 `$argon2id$`, PBKDF2/scrypt-style `algo$iterations$salt$hash`); readable words or short strings are plaintext, and bare 32/40/64-character hex digests indicate unsalted MD5/SHA-1/SHA-256, which is nearly as bad
- Grep application logs, config files, and debug output for password fields being written in the clear (login requests, registration payloads)
- Review password reset and "forgot password" emails: if the mail contains the user's current password, the application can read it, so it is not hashed
- Review the authentication code for the hashing implementation: which algorithm, whether a per-user salt is generated, and whether the work factor is configurable
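A small audit script for the first detection step, added here as an example (not part of the original card): it classifies each stored credential value by format and flags anything that is neither a slow salted hash nor a recognisable legacy digest. The sample rows are constructed for illustration; the "hash" strings are format-shaped placeholders, not real hashes of any password.

```python
import re

# Recognised slow, salted password hash formats (bcrypt, Argon2, Django-style PBKDF2/scrypt).
STRONG_HASH_PATTERNS = [
    re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"),                        # bcrypt
    re.compile(r"^\$argon2(?:id|i|d)\$v=\d+\$m=\d+,t=\d+,p=\d+\$[^$]+\$[^$]+$"),  # Argon2
    re.compile(r"^(?:pbkdf2_sha\d+|scrypt)\$\d+\$[^$]+\$[A-Za-z0-9+/=]+$"),     # PBKDF2 / scrypt
]

# Bare hex digests: MD5 (32), SHA-1 (40), SHA-256 (64). Fast and usually unsalted.
WEAK_DIGEST_PATTERN = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.IGNORECASE)


def classify(value: str) -> str:
    """Return 'strong_hash', 'weak_hash' or 'plaintext' for one stored credential value."""
    if any(p.match(value) for p in STRONG_HASH_PATTERNS):
        return "strong_hash"
    if WEAK_DIGEST_PATTERN.match(value):
        return "weak_hash"
    # Anything else (readable words, short strings, mixed punctuation) is treated as plaintext.
    return "plaintext"


def audit(rows):
    """Classify (username, stored_value) rows; returns a dict of username -> verdict."""
    return {user: classify(stored) for user, stored in rows}


def findings(rows):
    """Usernames whose stored credential is not a strong hash, worst cases first."""
    verdicts = audit(rows)
    return sorted(
        (u for u, v in verdicts.items() if v != "strong_hash"),
        key=lambda u: (verdicts[u] != "plaintext", u),
    )


# Constructed sample rows (placeholders shaped like each format, not real hashes).
SAMPLE_ROWS = [
    ("alice", "$2b$12$" + "A" * 53),
    ("bob", "$argon2id$v=19$m=65536,t=3,p=4$c2FsdHNhbHQ$aGFzaGhhc2hoYXNoaGFzaA"),
    ("carol", "pbkdf2_sha256$600000$c2FsdA==$" + "B" * 44),
    ("dave", "Summer2024!"),
    ("erin", "5f4dcc3b5aa765d61d8327deb882cf99"),  # looks like an unsalted MD5 digest
    ("frank", "hunter2"),
]

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE_ROWS).items():
        print(f"{user:8} {verdict}")
    print("needs remediation:", findings(SAMPLE_ROWS))
```

Run it against a CSV export of the users table; anything reported as `plaintext` or `weak_hash` should be migrated to a slow salted hash on the user's next successful login, and a forced reset scheduled for accounts that never log in again.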
🛡️ Mitigation
✅ Hash passwords with a slow, memory- or CPU-hard algorithm: Argon2id (preferred), bcrypt, or PBKDF2-HMAC with a high iteration count
✅ Generate a unique random salt per password and store it alongside the hash (never a global or fixed salt)
✅ Never store or transmit passwords in plaintext, including in logs, crash dumps, and password reset emails
✅ Compare hashes in constant time, and re-hash stored values when the work factor is raised
✅ If an application-wide secret (pepper) is mixed in, keep it out of the database and manage it as a key: stored in a secrets manager or HSM, never in source control