Log Injection.go should probably not log plaintext passwords

Hi, just noticed that the usability test explicitly logs passwords in plaintext, which probably isn’t secure:

Is this an issue? Or is this more of a “contrived” challenge that is focused on malicious chars in logfiles?

You have hit the nail on the head with this being a contrived challenge focusing on malicious characters / statements being written to log files and the potential consequences of allowing malicious character sequences to be handled by a vulnerable application.

In a real-world scenario plaintext passwords ideally would not be exposed or logged at any point.

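The two points raised in this thread, shown side by side as an added example (not the challenge's code and not written by either poster): a log call that writes raw input and the password, next to one that omits the password and escapes the username. The function names, the `key=value` log format and the sample values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// vulnerableLine interpolates raw user input, password included, into the
// log line, so a newline in either field starts a new, attacker-shaped entry.
func vulnerableLine(user, password string) string {
	return fmt.Sprintf("level=info msg=login_failed user=%s password=%s", user, password)
}

// hardenedLine leaves the password out entirely and formats the username
// with %q, which wraps it in quotes and escapes CR, LF, other control
// characters and embedded quotes, so the value cannot leave its field.
func hardenedLine(user string) string {
	return fmt.Sprintf("level=info msg=login_failed user=%q", user)
}

// countEntries reports how many entries a line-oriented log reader sees.
func countEntries(logText string) int {
	return len(strings.Split(strings.TrimRight(logText, "\n"), "\n"))
}

func main() {
	// Constructed sample input: a username carrying a forged second entry.
	user := "alice\nlevel=info msg=login_ok user=admin"
	password := "example-password" // constructed value

	v := vulnerableLine(user, password)
	h := hardenedLine(user)
	fmt.Printf("vulnerable (%d entries):\n%s\n\n", countEntries(v), v)
	fmt.Printf("hardened (%d entry):\n%s\n", countEntries(h), h)
}
```
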