ApplicationPool password stored as plain text within SharePoint

2009, Mar 28

A few days ago I was reading a blog (and I forgot what blog!!) with information that the ApplicationPool password was stored as plain text. If you don't believe me, check the screenshot below:

The password is also accessible via the object model when running under elevated privileges.

Lesson learned: always try to have a least-privilege installation for your SharePoint farm!