All system passwords must be stored in a unique data source.
CWE-522: Insufficiently Protected Credentials. The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
OWASP-ASVS v4.0.1 V6.4 Secret Management.(6.4.1) Verify that a secrets management solution such as a key vault is used to securely create, store, control access to and destroy secrets.
OWASP-ASVS v4.0.1 V6.4 Secret Management.(6.4.2) Verify that key material is not exposed to the application but instead uses an isolated security module like a vault for cryptographic operations.
Start with Fluid Attacks
We are a proud corporate member of the OWASP Foundation