🔐 Cryptographic Failure: Plaintext Password Storage

This demo shows a vulnerable API that stores user credentials in plaintext and echoes the password back in its response. Storing passwords without a proper password hash is a classic cryptographic failure (OWASP Top 10 A02:2021, Cryptographic Failures) and is routinely exploited in data breaches: once the database is dumped, every password is immediately usable, including on other sites where the same password was reused.

🧪 How to Test Using Postman

  1. Open Postman or any API client.
  2. Send a POST request to: /api/vuln-crypto
  3. In the Body tab, select raw → JSON and send:
    {
      "username": "testuser",
      "password": "supersecret123"
    }
  4. Observe that the response includes your password in plaintext:
    {
      "status": "User stored (insecurely)",
      "storedUser": {
        "username": "testuser",
        "password": "supersecret123"
      }
    }


Best practice is to store only a salted, deliberately slow password hash computed with a purpose-built algorithm (bcrypt, scrypt or Argon2id), to compare hashes in constant time at login, and never to return the password (or its hash) in an API response. Encrypting the password is not a fix either: a server that can decrypt it can leak it, and so can anyone who obtains the key.
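The following is an added example, not the demo's own code, that puts the vulnerable behaviour described in the test steps beside a hardened version of the same endpoint. The route handlers are modelled as plain Python functions over an in-memory dict (the page does not show the real storage layer, so that is an assumption), and the password hash uses hashlib.scrypt from the standard library instead of bcrypt or Argon2 so that it runs without third-party packages; the parameters and the `$scrypt$N$r$p$salt$hash` storage format are choices made here for illustration.

```python
import hashlib
import hmac
import json
import os
from typing import Dict, Optional

# Constructed in-memory stores standing in for the demo's database.
_db_vulnerable: Dict[str, dict] = {}
_db_hardened: Dict[str, dict] = {}

# scrypt cost parameters (assumed values for this example): N is the CPU/memory
# cost (2**14 with r=8 needs ~16 MiB), r the block size, p the parallelism.
SCRYPT_N, SCRYPT_R, SCRYPT_P, SCRYPT_DKLEN = 2 ** 14, 8, 1, 32


def vuln_crypto_handler(body: dict) -> dict:
    """Mirror of the behaviour the page describes for POST /api/vuln-crypto:
    the password is stored as-is and echoed back in the response."""
    user = {"username": body["username"], "password": body["password"]}
    _db_vulnerable[user["username"]] = user
    return {"status": "User stored (insecurely)", "storedUser": user}


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted scrypt hash, serialised as $scrypt$N$r$p$salt_hex$hash_hex so the
    parameters travel with the record and can be raised later without a flag day."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=SCRYPT_DKLEN)
    return "$scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P,
                                       salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 7 or parts[1] != "scrypt":
        return False
    _, _, n, r, p, salt_hex, dk_hex = parts
    dk = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(dk.hex(), dk_hex)


# Hash of a random throwaway secret, used so that a login for an unknown user
# costs the same as one for a known user (no username enumeration via timing).
DUMMY_HASH = hash_password(os.urandom(16).hex())


def secure_crypto_handler(body: dict) -> dict:
    """Hardened counterpart: store only the hash, and never echo secrets."""
    record = {"username": body["username"],
              "password_hash": hash_password(body["password"])}
    _db_hardened[record["username"]] = record
    return {"status": "User stored", "storedUser": {"username": record["username"]}}


def login_handler(body: dict) -> dict:
    """Verify a login against the hardened store with a uniform failure message."""
    record = _db_hardened.get(body["username"])
    stored = record["password_hash"] if record else DUMMY_HASH
    ok = verify_password(body["password"], stored) and record is not None
    return {"status": "ok" if ok else "invalid credentials"}


def leaks_plaintext(response: dict, password: str) -> bool:
    """Check a response the way the Postman step does: is the password visible anywhere?"""
    return password in json.dumps(response)


if __name__ == "__main__":
    req = {"username": "testuser", "password": "supersecret123"}
    print(json.dumps(vuln_crypto_handler(req), indent=2))   # echoes the password
    print(json.dumps(secure_crypto_handler(req), indent=2))  # does not
    print(login_handler(req), login_handler({"username": "testuser", "password": "nope"}))
```

Running the script prints the insecure response exactly as the test steps describe it, then the hardened response with only the username, followed by one successful and one failed login. The stored hash differs on every registration because of the random salt, so two users with the same password do not produce the same record.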