The web application has to have access to the encryption key in order to make the password check. That means if the web process gets compromised in any way, the attacker can get the plaintext password.
Well, not necessarily, since they could be using asymmetric encryption (encrypt the password received from login, compare the result with the stored ciphertext), and keep the decryption key offline.
That said, very few of them do, because if the application can't access the passwords anyway, then there's usually no point in encrypting vs hashing them. An exception would be a manually operated password recovery system.
Well, not necessarily, since they could be using asymmetric encryption (encrypt the password received from login, compare the result with the stored ciphertext), and keep the decryption key offline.
That said, very few of them do, because if the application can't access the passwords anyway, then there's usually no point in encrypting vs hashing them. An exception would be a manually operated password recovery system.