An analyst discovers that user account passwords are stored in plaintext in an application configuration file. This is discovered during a code review before the application is deployed to production. What is the appropriate response?

  A. Allow the deployment with a note to fix it in the next release
  B. Block the deployment and require implementation of secure credential storage ✓
  C. Document the issue for a future security audit
  D. Require users to change their passwords after deployment

Correct answer: Block the deployment and require implementation of secure credential storage

Option B is correct because storing plaintext passwords is a critical security vulnerability that violates secure development practices, and the pre-deployment code review is precisely the right gate to catch and block such issues before they reach production. Option A is inappropriate because deploying known critical vulnerabilities, even with documentation, directly violates secure software development lifecycle (SDLC) principles and exposes user credentials immediately. Option C merely defers a known critical flaw to a future audit, allowing a vulnerable application to go live and potentially compromise user accounts. Option D is incorrect because users cannot change passwords they have not yet created in a pre-deployment scenario, and even if they could, the root cause of plaintext storage would remain unaddressed.

Topic: secure SDLC, credential storage, code review, plaintext passwords

Practice CompTIA CySA+ (CS0-003) Questions Free