Ban the use of commonly breached passwords and require employees to use phrases that cannot be easily found in standard dictionaries or combo lists.
As artificial intelligence tools become more common in development, a new vector has emerged. "Vibe-coded" applications (software built with heavy reliance on AI coding assistants) have been found storing user databases in simple text files when the AI could not set up a proper database. Security researchers find flat-file password storage in roughly one out of every four such applications they audit. Attackers target common paths that AI tools use when generating file-based storage, including /data/users.txt, /db/accounts.json, and /database/users.txt.
In this historical vulnerability, wcSimple Poll stored password hashes in a password.txt file under the web root with insufficient access control, allowing remote attackers to obtain the hashes via a direct request. Vulnerabilities of this nature remain common today.
The most effective defense is disabling directory indexing at the server level. With indexing disabled, a request for a directory that has no index file returns an error page rather than a list of its files.
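As an added example (not code from the original page), the following Python audit walks a web root you administer and reports credential-like flat files plus directories that would be listed if indexing were left enabled. The file-name set comes from the paths named above; the index-file set, function names and sample tree are assumptions made for illustration.

```python
import os
import tempfile

# File names taken from the paths the page mentions; extend for your own stack.
SUSPECT_NAMES = {"users.txt", "accounts.json", "password.txt"}
# Index files that stop a server falling back to a directory listing (assumed set).
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def audit_web_root(web_root):
    """Return (credential_files, listable_dirs) as sorted paths relative to web_root."""
    credential_files, listable_dirs = [], []
    for current, _dirs, files in os.walk(web_root):
        rel_dir = os.path.relpath(current, web_root)
        names = {name.lower() for name in files}
        # Without an index file, this directory is listed if indexing is enabled.
        if not names & INDEX_NAMES:
            listable_dirs.append(rel_dir)
        for name in files:
            if name.lower() in SUSPECT_NAMES:
                credential_files.append(os.path.normpath(os.path.join(rel_dir, name)))
    return sorted(credential_files), sorted(listable_dirs)


def build_sample_root(base):
    """Constructed sample tree: one flat-file user store, one directory without an index."""
    os.makedirs(os.path.join(base, "data"))
    os.makedirs(os.path.join(base, "static"))
    for rel in ("index.html", "static/index.html", "data/users.txt"):
        with open(os.path.join(base, *rel.split("/")), "w") as handle:
            handle.write("constructed sample\n")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        found, listable = audit_web_root(build_sample_root(tmp))
        print("credential-like files under web root:", found)
        print("directories with no index file:", listable)
```

Disabling indexing only hides the listing; a direct request for a known path, as in the wcSimple Poll case, still succeeds, so any file this audit reports should be moved out of the web root or denied by access control.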