Passwords and SecureString: How to Decode It with PowerShell

PowerShell is frequently described as secure by default or by design, but I’ve found that end users are often tempted to take risks or bypass security controls, or are not aware of the implications.

This is nothing really new to most developers or sysadmins, but not many of them have gone through the process of decoding a SecureString, even though it is quite a trivial exercise.

Just a simple example:

The $Cred ($PSCredential) object shows the username in clear text and protects the password by saving it within a SecureString object. We think that object is secure, right? Unfortunately, it’s not so secure!

Within that session, it can be decoded or decrypted with this simple one-liner, which I’ve declared in a function to make it easier to use.

Are you curious to reveal your password? After running the previous script, it is as simple as that:

Security Considerations

Remember that all $cred (Get-Credential) variables protect your password with a SecureString object. They should be treated very carefully and deleted as soon as they are no longer required, because the password can be decoded or decrypted within the same PowerShell session or within the same user context.
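
The decoding and cleanup described in this post, as an added example that is not the author's original function. The function name `ConvertFrom-SecureStringToPlainText`, the username and the password are constructed for illustration, and the credential is built in code instead of with Get-Credential so the script runs without a prompt.

```powershell
# Added example: hypothetical helper name, constructed sample values.
function ConvertFrom-SecureStringToPlainText {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.SecureString] $SecureString
    )
    process {
        # Copy the protected contents into an unmanaged BSTR buffer.
        $bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecureString)
        try {
            # Read the buffer back as an ordinary managed string.
            [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        }
        finally {
            # Zero and free the unmanaged copy, even if the read fails.
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        }
    }
}

# Constructed sample credential (stands in for Get-Credential).
$plain  = 'Constructed-Sample-Pa55'
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
$Cred   = [System.Management.Automation.PSCredential]::new('CONTOSO\demo.user', $secure)

$Cred.UserName    # shown in clear text
$Cred.Password    # displays only the type name: System.Security.SecureString

# Any code running in this session can recover the password.
$recovered = $Cred.Password | ConvertFrom-SecureStringToPlainText
$recovered -ceq $plain

# PSCredential exposes the same conversion itself, with no helper needed.
$Cred.GetNetworkCredential().Password -ceq $plain

# Cleanup once the credential is no longer required:
# Dispose() releases the SecureString's protected buffer, and
# Remove-Variable drops the session's references to the objects.
$Cred.Password.Dispose()
Remove-Variable -Name Cred, secure, plain, recovered
# Decoded copies are ordinary .NET strings: they cannot be zeroed and stay
# in process memory until garbage collected, so avoid decoding when possible.
```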

In the next post we will talk about how to store the credentials, which is usually required for automation or scheduled tasks.
