Modify SsoAdmin module to use SecureString for Passwords #597

Open
darkhonor opened this issue Nov 26, 2022 · 1 comment

@darkhonor

Is your feature request related to a problem? Please describe.

Currently, New-SsoPersonUser, Set-SsoPersonUser, and Set-SsoSelfPersonUserPassword all use Strings to specify a Password for the user. This is a poor security practice and should be avoided since many local policies log all PowerShell commands, and hence the password values.

Describe the solution you'd like

Modify each of these functions to collect the password from the user as a SecureString. Once inside the function, the plaintext password can be extracted and passed along the secure connection to the SsoServer.

Describe alternatives you've considered

Short of asking for the password during execution rather than allow the passwords to be passed as a parameter, there are no clear ways to eliminate this vulnerability.

Additional context

No response

@et1975

et1975 commented Sep 12, 2023

Non-breaking alternative - consider offering -Credential parameter that takes Credential or PSCredential object.
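
A sketch of the pattern discussed in this thread, added here as an example and not code from the issue, its participants, or the SsoAdmin module: a function that accepts the password as a SecureString or as a PSCredential and decrypts it only for the duration of the server call. `Set-DemoUserPassword` and `Invoke-DemoSsoCall` are hypothetical names; the latter is a stand-in for the real request to the SSO server.

```powershell
# Hypothetical stand-in for the call that sends the password over the secure connection.
function Invoke-DemoSsoCall {
    param([string]$UserName, [string]$PlainPassword)
    [pscustomobject]@{ UserName = $UserName; PasswordLength = $PlainPassword.Length }
}

# Hypothetical function, not part of the SsoAdmin module.
function Set-DemoUserPassword {
    [CmdletBinding(DefaultParameterSetName = 'SecureString')]
    param(
        [Parameter(Mandatory, ParameterSetName = 'SecureString')]
        [string]$UserName,

        # Typed as SecureString, so the value never appears as text on the command line.
        [Parameter(Mandatory, ParameterSetName = 'SecureString')]
        [securestring]$Password,

        # Alternative parameter set: user name and password travel in one PSCredential.
        [Parameter(Mandatory, ParameterSetName = 'Credential')]
        [pscredential]$Credential
    )

    if ($PSCmdlet.ParameterSetName -eq 'Credential') {
        $UserName = $Credential.UserName
        $Password = $Credential.Password   # already a SecureString
    }

    # Decrypt into an unmanaged BSTR only for the duration of the call.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    try {
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        Invoke-DemoSsoCall -UserName $UserName -PlainPassword $plain
    }
    finally {
        # Zero and free the unmanaged copy. The managed string in $plain cannot be
        # wiped; dropping the reference only makes it eligible for garbage collection.
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        $plain = $null
    }
}

# Interactive use (both prompts mask the input):
# Set-DemoUserPassword -UserName 'demo-user' -Password (Read-Host -AsSecureString 'New password')
# Set-DemoUserPassword -Credential (Get-Credential)
```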
