All system passwords must be stored in a unique data source.
CWE-522: Insufficiently Protected Credentials: The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
OWASP-ASVS v4.0.1 V6.4 Secret Management.(6.4.1): Verify that a secrets management solution such as a key vault is used to securely create, store, control access to and destroy secrets.
OWASP-ASVS v4.0.1 V6.4 Secret Management.(6.4.2): Verify that key material is not exposed to the application but instead uses an isolated security module like a vault for cryptographic operations.