Read Time:20 Second
Posted by J. Hellenthal via Fulldisclosure on Aug 27
Correct me if I’m wrong but I believe he is trying to relay that “on the backend” where the password hashes are
stored…. if accessed by those with admin access or a bad actor if you will gives them the immediate ability to access
every account without needing to decrypt the passwords.
This is a very bad practice.