by osullip 633 days ago
Logging passwords on the fly is probably common. Some debug or log action set up and forgotten.

However, if you ever see a password in plain text you should raise alarms to the highest level.

In this case, I don't think the alarm was raised.

2 comments

I agree, but also I know of devs that don't understand the basic security implications of passwords being in logs. I could easily see how someone, maybe even a couple of people, could see these logs and think nothing of them.
Vast quantities of logs are never reviewed by anyone....