oscarngncc / COMP4111_project

COMP4111 project

[Security] Plaintext password stored on database #7

Closed elise-ng closed 4 years ago

elise-ng commented 4 years ago

Passwords are stored in the database as plaintext, which is bad practice and not acceptable in production environments. Users' credentials could be stolen when the system is intruded into (for example through vulnerabilities like #6) and used as a dictionary to misuse their accounts elsewhere if the password is reused.

An industry-standard way of storing a password is to hash it with a unique salt for each user, so that the user's password can still be verified while attackers cannot reverse-compute the original plaintext password even if the system is compromised.

(This is probably far-fetched but a real issue; @comp4111ta please see if this counts as a valid point.)

comp4111ta commented 4 years ago

TA-verified: Invalid. Comments: Good. It is indeed bad practice. However, if you can give a POC of the SQL injection to acquire the password, it counts.