Re: Password reset increased security
Posted by mikenereson on Aug 17, 2008; 8:06pm
URL: https://support.nabble.com/Password-reset-increased-security-tp686535p729678.html
I certainly appreciate a response, even if it's not exactly what I value as a good response. If the developers are unaware of the issues surrounding the storage of plain text passwords in a database, then that's one thing, but if the designers and developers do understand the security risks of maintaining clear text passwords and were too lazy to implement a secure method of storing passwords, then there is not really any good excuse for this.
When you send plain text passwords via an email, they are interceptable. That's not good. But even worse, that indicates that the passwords are stored in plain text in your database too. The passwords should have been hashed when they were created and the hashed value is what should have been stored.
The good news is that it's not too late for you to fix this oversight. Please read more about the issue and the solution, as this is one of many posts that I just Googled:
http://www.aspheute.com/english/20040105.asp
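
The storage scheme the post asks for, as an added example that is not part of the original post or of the forum software's code: only a salted PBKDF2 hash is stored, and a reset emails a single-use, expiring token instead of the password. `UserStore`, `RESET_TTL` and the iteration count are assumptions made for this sketch.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware
RESET_TTL = 3600      # assumed reset-token lifetime in seconds

def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'; the plaintext is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))

class UserStore:
    """In-memory stand-in for the users table (hypothetical schema)."""
    def __init__(self):
        self.pw = {}      # username -> salted hash record
        self.resets = {}  # username -> (sha256 of token, expiry time)

    def register(self, user, password):
        self.pw[user] = hash_password(password)

    def login(self, user, password):
        return user in self.pw and verify_password(password, self.pw[user])

    def start_reset(self, user, now=None):
        """Return a one-time token to email; only its hash is kept."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        token_hash = hashlib.sha256(token.encode()).digest()
        self.resets[user] = (token_hash, now + RESET_TTL)
        return token

    def finish_reset(self, user, token, new_password, now=None):
        now = time.time() if now is None else now
        entry = self.resets.pop(user, None)  # single use, even on failure
        if entry is None or now > entry[1]:
            return False
        if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), entry[0]):
            return False
        self.pw[user] = hash_password(new_password)
        return True
```

With this layout, neither a database dump nor an intercepted reset email yields a usable password: the table holds only salted hashes, and the emailed token expires and works once.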