Skip to content

Latest commit

 

History

History
62 lines (49 loc) · 1013 Bytes

AvoidUsingPlainTextForPassword.md

File metadata and controls

62 lines (49 loc) · 1013 Bytes
description ms.date ms.topic title
Avoid Using Plain Text For Password Parameter
06/28/2023
reference
AvoidUsingPlainTextForPassword

AvoidUsingPlainTextForPassword

Severity Level: Warning

Description

Password parameters that take in plaintext will expose passwords and compromise the security of your system. Passwords should be stored in the SecureString type.

The following parameters are considered password parameters (this is not case sensitive):

  • Password
  • Pass
  • Passwords
  • Passphrase
  • Passphrases
  • PasswordParam

If a parameter is defined with a name in the above list, it should be declared with type SecureString.

How

Change the type to SecureString.

Example

Wrong

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [string]
        $Password
    )
    ...
}

Correct

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [SecureString]
        $Password
    )
    ...
}