Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Severity Level: Warning
Description
This rule detects function or script parameters with password-related names that are declared with a
string type instead of the SecureString type. Password parameters that accept plaintext expose
passwords and can compromise your system's security. You shouldn't accept passwords as plain text.
Instead, use the SecureString type to store passwords securely.
The following parameters are considered password parameters and aren't case sensitive:
- Password
- Pass
- Passwords
- Passphrase
- Passphrases
- PasswordParam
If you define a parameter with a name from the provided list, declare it with the SecureString type.
Example
Noncompliant
function Test-Script
{
[CmdletBinding()]
Param
(
[string]
$Password
)
...
}
Compliant
function Test-Script
{
[CmdletBinding()]
Param
(
[SecureString]
$Password
)
...
}