tjames192/PSCUC

PlainText Password

Closed this issue · 3 comments

On https://github.com/tjames192/PSCUC/blob/master/Public/Connect-CUC.ps1

Password could be a parameter read in from SecureString format to limit the exposure of the password in plaintext when using the module; it should then be cleared from memory after it gets encoded. This would minimize the exposure even though the plaintext is somewhat required. Thoughts?

Maybe something like this

```powershell
.....

    [Parameter(Mandatory = $false, HelpMessage = 'Cisco Unity password')]
    [SecureString]$Password,

   .....

    # Decrypt the SecureString into an unmanaged BSTR
    $DestroyPtr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    $EncodedAuthorization = [System.Text.Encoding]::UTF8.GetBytes($Username + ':' + ([System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($DestroyPtr)))
    $EncodedPassword = [System.Convert]::ToBase64String($EncodedAuthorization)
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($DestroyPtr) # Zeroes and frees the unmanaged plaintext copy
    [Array]::Clear($EncodedAuthorization, 0, $EncodedAuthorization.Length) # Wipes the plaintext bytes
```

I think you are mostly on the right path securing the password from plaintext.
I'll see what can be done.

Updated both:

- Get-CUCAuth
- Connect-CUC

Removed username, password string variables. Replaced with credential object.
Now use

```powershell
Connect-CUC server -Credentials (get-credential)
```

Much better practice. Thanks!
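
The SecureString handling discussed in this thread, as an added example that is not part of the original issue or the PSCUC module: a hypothetical helper, `ConvertTo-BasicAuthHeader`, takes a credential object, builds the Basic authorization header, and wipes the copies of the password it can reach in a `finally` block. The function name, user name and password are constructed for illustration.

```powershell
function ConvertTo-BasicAuthHeader {
    # Hypothetical helper (not part of PSCUC): PSCredential -> Basic auth header.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential]$Credential
    )

    $marshal = [System.Runtime.InteropServices.Marshal]
    $bstr    = [IntPtr]::Zero
    $bytes   = $null
    try {
        # Decrypt the SecureString into an unmanaged BSTR that we can wipe later.
        $bstr = $marshal::SecureStringToBSTR($Credential.Password)

        # This managed string is immutable and cannot be zeroed; it stays in
        # memory until garbage collection, so it never leaves this function.
        $pair  = '{0}:{1}' -f $Credential.UserName, $marshal::PtrToStringBSTR($bstr)
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($pair)

        # Base64 is an encoding, not encryption: the header is as sensitive as
        # the password and should only be sent over HTTPS.
        @{ Authorization = 'Basic ' + [System.Convert]::ToBase64String($bytes) }
    }
    finally {
        # Runs even if encoding throws: zero and free the unmanaged copy,
        # then overwrite the plaintext byte array.
        if ($bstr -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstr) }
        if ($null -ne $bytes) { [Array]::Clear($bytes, 0, $bytes.Length) }
    }
}

# Constructed sample credential for demonstration; interactive use would pass
# (Get-Credential) instead of building one from a literal.
$secure  = ConvertTo-SecureString 'Constructed-Passw0rd!' -AsPlainText -Force
$cred    = [System.Management.Automation.PSCredential]::new('cucadmin', $secure)
$headers = ConvertTo-BasicAuthHeader -Credential $cred
$headers.Authorization.StartsWith('Basic ')
```

Setting a variable to `$null` only drops the reference; `ZeroFreeBSTR` and `[Array]::Clear` overwrite the buffers themselves, which is why the cleanup sits in `finally`.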