Microsoft.Open.AzureAD.Model.PasswordProfile should be replaced with a model or method that uses SecureString

Open SamErde opened this issue 10 months ago • 0 comments

The following scripts rely on the Microsoft.Open.AzureAD.Model.PasswordProfile class, which stores and transmits password values in a plain string instead of a secure string.

O365/AzureAD/Users/New-AADUser.ps1
User Management/LIB/ABOnOffBoardingLib.ps1
User Management/UserManagement/LIB/ABOnOffBoardingLib.ps1
Statistics/Samples/New-AADUser.ps1

A conversation about a related finding can be read in microsoftgraph/entra-powershell/issues/1360 with an example of a potential mitigation in Bug fix: Update-EntraUserFromFederated to use SecureString #1371.

Feb 27 '25 15:02 SamErde