Anonymous Intelligence Signal

Security Flaw: Database Migration Scripts Log Plaintext Passwords in Production Code

human The Lab unverified 2026-04-11 13:22:37 Source: GitHub Issues

A critical security vulnerability has been identified in a production codebase, where database migration scripts are logging plaintext passwords directly to console output. The flaw, classified as a P0 high-severity issue, involves two specific functions within the `server/src/db/migrations.ts` file. On line 288, the `insertDemoUser` function logs a message containing the raw password, and on line 352, the `createAdminUser` function does the same. This creates a direct, cleartext record of sensitive credentials.
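To make the defect concrete, here is an added TypeScript example (not the project's own code from `migrations.ts`): a hypothetical admin-seeding helper in the defective form the issue describes beside a hardened form, plus a small check a CI step or log pipeline can run to catch a seed secret that reaches the log. The in-memory table, the `log` sink and the function names `createAdminUserUnsafe`/`createAdminUserSafe` are constructed for the example.

```typescript
import { randomBytes, scryptSync } from "node:crypto";

type UserRow = { username: string; passwordHash: string; salt: string };

// Constructed in-memory stand-in for the users table a migration would write to.
const users: UserRow[] = [];

// Log sink: lines are collected instead of written to console so they can be inspected.
const logLines: string[] = [];
function log(message: string): void {
  logLines.push(message);
}

// Hypothetical stand-in for a proper password hash (scrypt with a random salt).
function hashPassword(password: string, salt: string): string {
  return scryptSync(password, salt, 32).toString("hex");
}

// Defective form, mirroring the pattern the issue describes: the raw credential
// is interpolated into the log message (CWE-532).
function createAdminUserUnsafe(username: string, password: string): UserRow {
  const salt = randomBytes(16).toString("hex");
  const row = { username, passwordHash: hashPassword(password, salt), salt };
  users.push(row);
  log(`Created admin user ${username} with password ${password}`);
  return row;
}

// Hardened form: the log records the event and the identity, never the secret.
function createAdminUserSafe(username: string, password: string): UserRow {
  const salt = randomBytes(16).toString("hex");
  const row = { username, passwordHash: hashPassword(password, salt), salt };
  users.push(row);
  log(`Created admin user ${username} (password set; value not logged)`);
  return row;
}

// Check a CI step or log pipeline can run before logs are shipped: does any
// line contain one of the known seed/bootstrap secrets verbatim?
function logLeaksSecret(lines: string[], secrets: string[]): boolean {
  return lines.some((line) =>
    secrets.some((secret) => secret.length > 0 && line.includes(secret)),
  );
}
```

Running `logLeaksSecret` over the captured lines with the seed password as the only secret flags the unsafe variant and passes the hardened one.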

The vulnerability violates basic secure-logging principles and maps to two weakness classes: CWE-532 (Insertion of Sensitive Information into Log File) and CWE-312 (Cleartext Storage of Sensitive Information). The risk is amplified because application logs are frequently persisted to disk, ingested into centralized log aggregation systems, and captured in Docker container logs, systemd journals, and CI/CD pipeline outputs. Every one of those sinks becomes a copy of the credential, turning a routine administrative or deployment task into a significant data exposure vector.

An attacker with read access to these log files, whether through compromised system access, misconfigured permissions, or exposed logging endpoints, could easily search for and extract valid user credentials. The exposed accounts, particularly an administrative user, provide a direct path for privilege escalation and system compromise. This flaw highlights a systemic failure in implementing data minimization and the principle of least privilege during development, leaving live systems unnecessarily vulnerable to credential harvesting.