Title: Rule Request: `AvoidPlaintextParameterPasswords` · Issue #2139 · PowerShell/PSScriptAnalyzer · GitHub
Open Graph Title: Rule Request: `AvoidPlaintextParameterPasswords` · Issue #2139 · PowerShell/PSScriptAnalyzer
X Title: Rule Request: `AvoidPlaintextParameterPasswords` · Issue #2139 · PowerShell/PSScriptAnalyzer
Description: Similar to the rule AvoidUsingPlainTextForPassword, passing plaintext passwords to external/binary cmdlets should be avoided. This includes cmdlets as e.g.: PS C:\> Get-Command -ParameterName Password CommandType Name Version Source ----...
Open Graph Description: Similar to the rule AvoidUsingPlainTextForPassword, passing plaintext passwords to external/binary cmdlets should be avoided. This includes cmdlets as e.g.: PS C:\> Get-Command -ParameterName Passw...
X Description: Similar to the rule AvoidUsingPlainTextForPassword, passing plaintext passwords to external/binary cmdlets should be avoided. This includes cmdlets as e.g.: PS C:\> Get-Command -ParameterName Pa...
Opengraph URL: https://github.com/PowerShell/PSScriptAnalyzer/issues/2139
X: @github
Domain: patch-diff.githubusercontent.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Rule Request: `AvoidPlaintextParameterPasswords`","articleBody":"Similar to the rule [`AvoidUsingPlainTextForPassword`](https://learn.microsoft.com/powershell/utility-modules/psscriptanalyzer/rules/avoidusingplaintextforpassword), passing plaintext passwords to external/binary cmdlets should be avoided.\n\nThis includes cmdlets as e.g.:\n```PowerShell\nPS C:\\\u003e Get-Command -ParameterName Password\n\nCommandType Name Version Source\n----------- ---- ------- ------\nFunction Register-ScheduledTask 1.0.0.0 ScheduledTasks\nFunction Set-ScheduledTask 1.0.0.0 ScheduledTasks\n```\n\nBut could potentially any imported (binary) cmdlet with a [bound parameter](https://stackoverflow.com/a/79634016/1701026) named `Password` and of type `String`\nKnowing that the `AvoidUsingPlainTextForPassword` rule might not capture the security risk when using a different variable name (e.g. `-Password $Wachtwoord`) or a password that is statically provided:\n\n```PowerShell\nInvoke-ScriptAnalyzer -ScriptDefinition {\nSet-ScheduledTask -TaskName 'SoftwareScan' -Trigger $Time -User 'User' -Password 'P@ssw0rd'\n}.ToString()\n```\n\nRelated:\n- Rule request: AvoidSecureStringDisclosure #1997\n- PowerShell issue: https://github.com/PowerShell/PowerShell/issues/26366 and https://github.com/PowerShell/PowerShell/issues/16502\n- Document issue: https://github.com/MicrosoftDocs/windows-powershell-docs/issues/4051","author":{"url":"https://github.com/iRon7","@type":"Person","name":"iRon7"},"datePublished":"2025-11-03T19:31:42.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/2139/PSScriptAnalyzer/issues/2139"}| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:ec2ca25a-a231-7ddd-3f3c-1c947d092d9a |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | CA24:3C0C98:1C2CE84:2562ADA:696EE1E8 |
| html-safe-nonce | 69c646cde095bf9b4454e6e6805cb46b8fb64bbd3264488f737fea490dd9047e |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDQTI0OjNDMEM5ODoxQzJDRTg0OjI1NjJBREE6Njk2RUUxRTgiLCJ2aXNpdG9yX2lkIjoiMzEyODg2MjQ0Njg4MTUzMDM0NCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | 0018f3fdfb1b5ef6b6f0d79e02511442721750ba56be7c95795e3d61ccde35f0 |
| hovercard-subject-tag | issue:3583438683 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/PowerShell/PSScriptAnalyzer/2139/issue_layout |
| twitter:image | https://opengraph.githubassets.com/87b9ed5486282a4fe1ec587279bad3514a54cb2ef9db3d833e6dd56120f818ff/PowerShell/PSScriptAnalyzer/issues/2139 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/87b9ed5486282a4fe1ec587279bad3514a54cb2ef9db3d833e6dd56120f818ff/PowerShell/PSScriptAnalyzer/issues/2139 |
| og:image:alt | Similar to the rule AvoidUsingPlainTextForPassword, passing plaintext passwords to external/binary cmdlets should be avoided. This includes cmdlets as e.g.: PS C:\> Get-Command -ParameterName Passw... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | iRon7 |
| hostname | github.com |
| expected-hostname | github.com |
| None | b278ad162d35332b6de714dfb005de04386c4d92df6475522bef910f491a35ee |
| turbo-cache-control | no-preview |
| go-import | github.com/PowerShell/PSScriptAnalyzer git https://github.com/PowerShell/PSScriptAnalyzer.git |
| octolytics-dimension-user_id | 11524380 |
| octolytics-dimension-user_login | PowerShell |
| octolytics-dimension-repository_id | 33149177 |
| octolytics-dimension-repository_nwo | PowerShell/PSScriptAnalyzer |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 33149177 |
| octolytics-dimension-repository_network_root_nwo | PowerShell/PSScriptAnalyzer |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 39aed5006635ab6f45e6b77d23e73b08a00272a3 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width