Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Severity Level: Warning
Description
This rule detects the AllowUnencryptedAuthentication parameter used with Invoke-WebRequest and
Invoke-RestMethod cmdlets. When AllowUnencryptedAuthentication is used, it permits credentials
and secrets to be transmitted over unencrypted connections, creating a security risk.
Avoid using this parameter unless you must maintain compatibility with legacy systems that require unencrypted authentication.
To learn more, see Invoke-WebRequest and Invoke-RestMethod.
Example
Noncompliant
Invoke-WebRequest foo -AllowUnencryptedAuthentication
Compliant
Invoke-WebRequest foo