Password Plaintext Storage in fobybus/social-media-skeleton
Reported on
Aug 14th 2023
The application stored a password in a database in plaintext format. Storing user passwords in a database in plaintext is a security vulnerability that can have serious consequences. If an attacker is able to gain access to the database, they will be able to see all of the user passwords in plain text. This means that they can use those passwords to log in to user accounts, steal sensitive information, or commit fraud.
--POC---
https://drive.google.com/file/d/1b7Gx32oqXFiyVXudwc9DaZq9RjgWqvQT/view?usp=sharing
Impact
Data breaches: If an attacker is able to gain access to a database that stores user passwords in plaintext, they will be able to steal all of the passwords in the database. This could lead to a data breach. Identity theft: An attacker could use stolen passwords to impersonate users and commit identity theft, accessing sensitive information. Damage to reputation: A data breach or identity theft incident could damage the reputation of a company or organization that stores user passwords in plaintext.
It is important to never store user passwords in a database in plaintext. Instead, passwords should be stored using a secure hashing algorithm such as bcrypt or PBKDF2. This will make it much more difficult for attackers to steal user passwords, even if they are able to gain access to the database.
Here are some additional security best practices for storing passwords:
Use a strong hashing algorithm. Use a salt with the hashing algorithm. Store the hashed passwords in a secure location.
