🔒 CRITICAL: Remove Plain Text Password Handling

[MorDev1]

Security Issue: Plain Text Password Vulnerabilities

Priority: CRITICAL

CVE Impact: High - Credential exposure and password compromise
Security Risk: Complete user account takeover and credential theft

Problem Description

The current implementation handles passwords in plain text, creating severe security vulnerabilities:

1. Plain text password transmission - Passwords sent unencrypted
2. Password logging - Sensitive passwords logged to console/files
3. No password hashing - Passwords stored without proper hashing
4. Password enumeration - Weak password validation enables attacks
5. No password complexity requirements - Weak passwords accepted

Current Vulnerabilities

Plain Text Password Handling

• src/tools/create_auth_user.ts - Accepts plain text passwords
• src/tools/update_auth_user.ts - Updates passwords in plain text
• Console logging exposes passwords in debug output
• Error messages may leak password information

Password Security Gaps

• No password complexity validation
• No password strength requirements
• No password history tracking
• No password rotation policies
• No secure password generation

Attack Vectors

• Password interception - Plain text passwords in network traffic
• Log file exposure - Passwords logged to stderr/files
• Memory dumps - Passwords visible in memory dumps
• Error message leakage - Passwords in error responses
• Brute force attacks - Weak password validation

Required Implementation

1. Secure Password Handling

• Remove all plain text password handling
• Implement client-side password hashing
• Add secure password transmission (TLS only)
• Implement password salting and hashing
• Add password verification without storage

2. Password Complexity Requirements

• Implement minimum password length (12+ characters)
• Require mixed case, numbers, and symbols
• Blacklist common passwords
• Implement password strength scoring
• Add password entropy validation

3. Password Security Policies

• Implement password history tracking
• Add password rotation requirements
• Implement account lockout after failed attempts
• Add password expiration policies
• Implement secure password recovery

4. Logging and Error Security

• Remove passwords from all logging
• Sanitize error messages
• Implement secure debug logging
• Add password masking in responses
• Implement audit logging without passwords

Acceptance Criteria

• No plain text passwords in codebase
• All passwords properly hashed before storage
• Password complexity requirements enforced
• No passwords in log files or error messages
• Password transmission is secure (TLS only)
• Password strength validation implemented
• Account lockout prevents brute force attacks
• Password recovery is secure

Testing Requirements

• Run password security test suite
• Test with weak password attempts
• Validate password hashing implementation
• Test password complexity enforcement
• Verify no password leakage in logs
• Test brute force protection
• Validate secure password transmission

Implementation Steps

1. Phase 1: Remove plain text password handling
2. Phase 2: Implement secure password hashing
3. Phase 3: Add password complexity requirements
4. Phase 4: Implement security policies
5. Phase 5: Add comprehensive logging security

Security Dependencies

• Requires authentication framework (🔐 CRITICAL: Implement Secure Authentication Framework #6)
• Blocks user management security improvements
• Critical for data protection compliance

Files to Modify

• src/tools/create_auth_user.ts - Secure password creation
• src/tools/update_auth_user.ts - Secure password updates
• src/tools/utils.ts - Add password security utilities
• src/client/index.ts - Remove password logging
• src/index.ts - Secure error handling
• New: src/auth/password.ts - Password security module

Testing Commands

# Run password security tests
npm run test:security -- --grep "password"

# Test password complexity
npm run test:security -- --grep "weak password"

# Run authentication security suite
npm run test:security -- authentication.test.ts

Secure Implementation Examples

Before (Vulnerable)

const createUser = async (email: string, password: string) => {
  console.log(`Creating user with password: ${password}`);
  const result = await client.query(
    'INSERT INTO auth.users (email, password) VALUES (, )',
    [email, password]
  );
  return result;
};

After (Secure)

const createUser = async (email: string, passwordHash: string) => {
  // Validate password complexity client-side before hashing
  if (\!isPasswordComplex(passwordHash)) {
    throw new Error('Password does not meet complexity requirements');
  }
  
  const saltedHash = await bcrypt.hash(passwordHash, 12);
  const result = await client.query(
    'INSERT INTO auth.users (email, encrypted_password) VALUES (, )',
    [email, saltedHash]
  );
  
  // Log without sensitive data
  console.log(`User created: ${email}`);
  return result;
};

Password Complexity Requirements

• Minimum length: 12 characters
• Character types: At least 3 of 4 (upper, lower, number, symbol)
• Blacklisted passwords: Common passwords, dictionary words
• Entropy requirement: Minimum 50 bits of entropy
• Personal information: No user email, name, or common patterns

Password Hashing Standards

• Algorithm: bcrypt with cost factor 12+
• Salt: Unique random salt per password
• Timing: Constant-time comparison
• Storage: Never store plain text passwords
• Verification: Hash comparison only

References

• OWASP Password Storage Cheat Sheet
• NIST Password Guidelines
• bcrypt Best Practices

Severity Justification

This is marked as CRITICAL because:

• Plain text passwords enable complete account takeover
• Password logging creates massive security exposure
• Required for basic security compliance
• Affects all user management functionality
• Enables credential stuffing and brute force attacks