Skip to content

Latest commit

 

History

History
63 lines (50 loc) · 1.01 KB

AvoidUsingPlainTextForPassword.md

File metadata and controls

63 lines (50 loc) · 1.01 KB
Raw
description ms.custom ms.date ms.topic title
Avoid Using Plain Text For Password Parameter
PSSA v1.22.0
06/28/2023
reference
AvoidUsingPlainTextForPassword

AvoidUsingPlainTextForPassword

Severity Level: Warning

Description

Password parameters that take in plaintext will expose passwords and compromise the security of your system. Passwords should be stored in the SecureString type.

The following parameters are considered password parameters (this is not case sensitive):

  • Password
  • Pass
  • Passwords
  • Passphrase
  • Passphrases
  • PasswordParam

If a parameter is defined with a name in the above list, it should be declared with type SecureString.

How

Change the type to SecureString.

Example

Wrong

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [string]
        $Password
    )
    ...
}

Correct

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [SecureString]
        $Password
    )
    ...
}