Sentinel Exposes Plaintext Email Verification Token Vulnerability in Registration Service
A critical security flaw was discovered in a registration service where email verification tokens were being stored and queried in plaintext within the database. This medium-severity vulnerability created a direct pathway for account takeover and impersonation. If the database were compromised, an attacker could steal these tokens to fraudulently verify accounts they control or impersonate legitimate users, especially if they intercepted the token during transmission.
The vulnerability was identified and then fixed by hashing the tokens with SHA-256 (`crypto.createHash('sha256')`) before any database storage or lookup operation, so that only the hash is persisted and queried. The fix was implemented across core authentication files, including `registration-service.ts`, `api/v1/auth/verify-email/route.ts`, `api/v1/auth/resend-verification/route.ts`, and `actions/auth.ts`. Automated verification and linter checks confirmed the logic modifications were successful, closing the exposure.
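The hash-before-store-and-lookup pattern described above, as an added example that is not the registration service's own code. The Map-backed store, the function names, the 24-hour lifetime and the sample address are assumptions made for illustration.

```javascript
// Added example: the Map stands in for the database table (assumption).
const { createHash, randomBytes } = require('node:crypto');

const TOKEN_TTL_MS = 24 * 60 * 60 * 1000; // assumed token lifetime

// Plain SHA-256 is adequate here because the token is 256 bits of CSPRNG
// output, not a low-entropy password; no salt or slow KDF is required.
function hashToken(token) {
  return createHash('sha256').update(token, 'utf8').digest('hex');
}

// Returns the raw token for the verification e-mail; only its hash is persisted.
function issueVerificationToken(store, email, now = Date.now()) {
  const token = randomBytes(32).toString('hex');
  store.set(hashToken(token), { email, expiresAt: now + TOKEN_TTL_MS });
  return token;
}

// Hashes the presented value and looks up by hash, so the raw token never
// appears in a query. Returns the verified e-mail address or null.
function verifyEmail(store, presented, now = Date.now()) {
  if (typeof presented !== 'string' || presented.length === 0) return null;
  const key = hashToken(presented);
  const row = store.get(key);
  if (!row) return null;
  store.delete(key); // single use; this also clears an expired row
  return row.expiresAt > now ? row.email : null;
}

// Constructed scenario: a database dump reveals only hashes, and a stolen
// hash is rejected because the server hashes whatever it is given.
function demo() {
  const store = new Map();
  const token = issueVerificationToken(store, 'alice@example.test', 0);
  const leakedHash = [...store.keys()][0];
  return {
    rawTokenInStore: JSON.stringify([...store]).includes(token),
    leakedHashAccepted: verifyEmail(store, leakedHash, 1) !== null,
    firstUse: verifyEmail(store, token, 1),
    replay: verifyEmail(store, token, 2),
  };
}

console.log(demo());
```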
This incident highlights a persistent risk in authentication systems where sensitive, single-use credentials are not properly secured at rest. The plaintext storage of verification tokens represents a fundamental security oversight that could have led to widespread account compromise. The automated remediation, triggered by task [9835338394436687484] and initiated by @avifenesh, demonstrates the critical need for continuous security auditing in development pipelines to catch such flaws before they reach production.