It seems to me that the issue here is that storing in plain text allows an attacker to learn the passwords of users - and many users re-use the same password for many resources. So while Microsoft has a point about a compromised installation is already gone - this issue creates further vulnerability for an organization running the software.
1 comment
[ 3.1 ms ] story [ 10.6 ms ] thread