...
In order to comply with guideline MSC18-J Store passwords using a hash function, the passwords would have to be encrypted. Unfortunately, on many small systems, they are not, and so the password text added in the query string would match precisely what the user enteresenters. An attacker could supply a password such as:
...