search

vmware / PowerCLI-Example-Scripts

http://blogs.vmware.com/powercli
Other
743 stars 601 forks source link

New-OSCustomizationSpec DomainAdminPassword and DomainPassword properties from DomainCredentials show plain text. #600

Closed Alta2048 closed 1 year ago

Alta2048 commented 1 year ago

Describe the bug

Hello All,

PowerCLI 12.6.0

Cmdlet New-OSCustomizationSpec with OStype Windows , return an object that contains the password from DomainCredentials as plain text.

Reproduction steps

Here it is 

$CustomPARAMs = @{
    type              = 'NonPersistent'
    Name              = 'CustomSpec'
    AdminPassword     = $(Get-Credential -Credential 'localUser')
    Domain            = 'dom.local'
    OrgName           = 'PowercliCorp'
    ChangeSid         = $True
    Description       = 'Customisation specification'
    DomainCredentials = $(Get-Credential -Credential 'dom\JoinDomUser')
    FullName          = 'Administrator'
    NamingScheme      = 'VM'
    TimeZone          = 056
    OSType            = 'Windows'
}
$CustomResult = New-OSCustomizationSpec @CustomPARAMs

our returned object shows :

$CustomResult | Select *

it will display 

Name                  : CustomSpec
Type                  : NonPersistent
ServerId              : /Local=/
Server                :
LastUpdate            :
DomainAdminUsername   : dom\JoinDomUser
DomainUsername        : dom\JoinDomUser
Description           : Customisation specification
AutoLogonCount        :
ChangeSid             : True
DeleteAccounts        : False
DnsServer             :
DnsSuffix             :
Domain                : dom.local
FullName              : Administrator
GuiRunOnce            :
NamingPrefix          :
NamingScheme          : Vm
OrgName               : PowercliCorp
OSType                : Windows
ProductKey            :
TimeZone              : Pacific S.A.
Workgroup             :
LicenseMode           : NotSpecified
LicenseMaxConnections :
EncryptionKey         :
ExtensionData         :
Id                    : xxxxx-xxxxx-xxxxxx
Uid                   : /Local=/OSCustomizationSpec=xxxxx-xxxx-xxxxxx
AdminPassword         : System.Management.Automation.PSCredential
DomainAdminPassword   : oops
DomainPassword        : oops

it will display the password in clear text. DomainAdminPassword : oops DomainPassword : oops

Expected behavior

both properties for DomainAdminPassword and DomainPassword should display: System.Management.Automation.PSCredential (same as the AdminPassword property.)

Thanks for your time.

Additional context

No response

Alta2048 commented 1 year ago

my bad , I forgot that may have used the encryption key for the other property: https://vdc-repo.vmware.com/vmwb-repository/dcr-public/6b586ed2-655c-49d9-9029-bc416323cb22/fa0b429a-a695-4c11-b7d2-2cbc284049dc/doc/vim.vm.customization.Specification.html

encryptionKey: Byte array containing the public key used to encrypt any passwords stored in the specification. Both the client and the server can use this to determine if stored passwords can be decrypted by the server or if the passwords need to be re-entered and re-encrypted before the specification can be used.