/vulndb/Insecure Storage of Credentials

The application should not return credentials in clear text, because this information can be stolen by an attacker through common attacks like XSS.


Sensitive and confidential data, such as user credentials, should not be embedded inside the application pages.


A best practice for handling confidential information, like passwords, is to avoid storing it in plain text and to store a hashed version instead.