Vtiger CRM stores customer portal password in plain text.

it should store the hash of the password using the php crypt function http://php.net/manual/en/function.crypt.php the reset password function should then generate a new password and mail it out, or mail out a change password link.