2.4.1 TODOΒΆ

Verify that passwords are stored in a form that is resistant to offline attacks. Passwords SHALL be salted and hashed using an approved one-way key derivation or password hashing function. Key derivation and password hashing functions take a password, a salt, and a cost factor as inputs when generating a password hash. (C6)

Level 1  
Level 2 X
Level 3 X
CWE NIST
916 5.1.1.2