The password storage vulnerability is not fixed. Passwords are still being stored in plaintext.

Test 1:

Register a new user with the username testuser and password 1234 (you may choose any desired values for the company field). Did any errors appear in the Sandbox Output window?

Test 2:

Switch to the User Registry tab and select the Refresh Users button. Verify that the new testuser appears in the table.

Test 3:

Verify that the displayed password for testuser is: 03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4.

This is the correct SHA-256 hash for 1234. If a different password value is shown, examine your hashing implementation in the registration function for bugs. Ensure you are using the correct hashing algorithm.

Note: By default, the C# version of this lesson will output the hash with uppercase alpha characters, but the tests account for this.

Did this answer your question?