Hello – It’s been happening for a while, but it’s really (really) time to end storing clear text passwords in the database. It’s *LONG* past time to send them in email to your users.
If you’d like proof, go to
http://plaintextoffenders.com/submit
And
http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/
Of all places, Fedora and Red Hat should be leading this charge.
Thanks for listening,
Perry Engle
Lead Cyber Security Engineer, Section Leader
The MITRE Corporation, Department G026
(o) 781-271-2349 (m) 617-893-0058