Originally Posted by
veresch
The majority of the 250 accounts had the same username and password, we know what passwords they were trying to submit from the logs. They tried passwords like "password" or "1234567890".
You log the failed passwords from failed login attempts in a log in clear text? That's not something you should be able to see. What about successful attempts, are those passwords logged as well?