Please suggest me where would be the problem for this issue and how can I rectify this..
- Storing a plaintext password in a VARCHAR(8) field.
- Storing SomeFunction(LEFT(password,8)) or even just LEFT(password,8)
- Someone figured out how to use ancient crypt() functionality in .NET
- Dave wrote his own code to store passwords.
To really investigate, you'll need to track down in the code just what happens when users submit the username/password.
To rectify, first read How to securely hash passwords? - though a lot of it may be refresher for you.
After that, if you want to use a pure .NET Framework function, see my answer to Is there a built in function to hash passwords in .NET?, which boils down to: Use RFC2898DeriveBytes with a random salt of 8-16 bytes (stored in plaintext) and as many iterations as you can. This is PBKDF2-HMAC-SHA-1.
If you're ok using a slight variant on a .NET Framework function, you can look at a fork of Jither's code at my github repository which allows for PBKDF2-HMAC-SHA-512 or PBKDF2-HMAC-SHA-384, both of which use 64-bit operations that reduce the advantage attackers with 2014 vintage GPU's have over defenders with 64-bit CPU based systems.
You can also try to find a .NET implementation of BCrypt or SCrypt, though be sure you trust it or test it.