PowerCLI-Example-Scripts icon indicating copy to clipboard operation
PowerCLI-Example-Scripts copied to clipboard

Published 20 hours ago verified publisher icon vmware

Modify SsoAdmin module to use SecureString for Passwords

Open darkhonor opened this issue 2 years ago • 1 comments
trafficstars

Is your feature request related to a problem? Please describe.

Currently, New-SsoPersonUser, Set-SsoPersonUser, and Set-SsoSelfPersonUserPassword all use Strings to specify a Password for the user. This is a poor security practice and should be avoided since many local policies log all PowerShell commands, and hence the password values.

Describe the solution you'd like

Modify each of these functions to collect the password from the user as a SecureString. Once inside the function, the plaintext password can be extracted and passed along the secure connection to the SsoServer.

Describe alternatives you've considered

Short of asking for the password during execution rather than allow the passwords to be passed as a parameter, there are no clear ways to eliminate this vulnerability.

Additional context

No response

darkhonor avatar Nov 26 '22 06:11 darkhonor

Non-breaking alternative - consider offering -Credential parameter that takes Credential or PSCredential object.

et1975 avatar Sep 12 '23 15:09 et1975