Bug Exposes Password in Plaintext