Skip to content

Latest commit

 

History

History
54 lines (42 loc) · 874 Bytes

AvoidUsingPlainTextForPassword.md

File metadata and controls

54 lines (42 loc) · 874 Bytes

AvoidUsingPlainTextForPassword

Severity Level: Warning

Description

Password parameters that take in plaintext will expose passwords and compromise the security of your system. Passwords should be stored in the SecureString type.

The following parameters are considered password parameters (this is not case sensitive):

  • Password
  • Pass
  • Passwords
  • Passphrase
  • Passphrases
  • PasswordParam

If a parameter is defined with a name in the above list, it should be declared with type SecureString

How

Change the type to SecureString.

Example

Wrong

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [string]
        $Password
    )
    ...
}

Correct

function Test-Script
{
    [CmdletBinding()]
    Param
    (
        [SecureString]
        $Password
    )
    ...
}