Plaintext Passwords — CompTIA CySA+ (CS0-003) Practice Questions
Plaintext passwords are credentials stored, transmitted, or logged in an unencrypted, human-readable form, making them immediately usable by anyone who gains access to the storage location or network traffic. The CySA+ exam addresses plaintext passwords as both a vulnerability to detect and a finding to report during security assessments and incident investigations. Discovery of plaintext credentials in configuration files, logs, or database fields significantly elevates the severity of a compromise. Candidates should understand how to identify this weakness through log review and scanning, and how to remediate it through hashing and secrets management controls.
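As an added illustration (not part of the original practice material), the sketch below shows both sides of the finding: a review pass that flags plaintext credential values in configuration and log lines, and the hashing remediation. The key-name list, hash prefixes, reference patterns and sample lines are assumptions constructed for this example.

```python
import hashlib, hmac, os, re

# Key names that commonly carry credentials (assumed, non-exhaustive list).
CRED_RE = re.compile(
    r"(?i)(password|passwd|pwd|secret)[\"']?\s*[=:]\s*[\"']?([^\s\"'&,;]+)")
# Prefixes of common password-hash encodings; such values are not plaintext.
HASH_PREFIXES = ("$2a$", "$2b$", "$2y$", "$argon2", "$scrypt$", "$6$", "$5$", "pbkdf2")
# Values that only reference a secrets manager or environment variable (assumed forms).
REFERENCE_RE = re.compile(r"^(\$\{.+\}|\$[A-Z_]+|vault:.+)$")

def find_plaintext(lines):
    """Return (line_no, key, value_length) for each suspected plaintext secret."""
    findings = []
    for no, line in enumerate(lines, 1):
        for key, value in CRED_RE.findall(line):
            if value.startswith(HASH_PREFIXES) or REFERENCE_RE.match(value):
                continue  # hashed or externally managed, not a plaintext finding
            # Record only the length so the report does not repeat the secret.
            findings.append((no, key.lower(), len(value)))
    return findings

def hash_password(password, salt=None):
    """Remediation side: store a salted scrypt digest, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

# Constructed sample input: config, log and request lines, not from a real system.
SAMPLE = [
    'db_password = "Summer2024!"',
    "2024-05-01 12:00:01 DEBUG login user=alice password=hunter2 src=10.0.0.5",
    "admin_passwd: $2b$12$abcdefghijklmnopqrstuuN9qo8uLOickgx2ZMRZoMyeIjZAgcfl7",
    "api_secret=${VAULT_API_SECRET}",
    "GET /reset?user=bob&pwd=letmein HTTP/1.1",
]

if __name__ == "__main__":
    for no, key, length in find_plaintext(SAMPLE):
        print(f"line {no}: plaintext value for '{key}' ({length} chars, redacted)")
```

Lines 3 and 4 of the sample are deliberately not flagged: one holds a hash-formatted value and the other a reference to an externally managed secret.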