“PowerShell credentials in clear text” follow-up

If you have not read these comments by MoW and Lee which they added to the PowerShell Security summary I posted last week please do.

Both of them commented on my concern that PowerShell can expose in clear text the credentials you type when a PowerShell script prompts you for a username and/or password. In a nutshell, their bottom line is that it does not really matter: yes, PowerShell makes retrieving the credentials a simple function call, but even if it were not that easy, someone would have been able to retrieve them anyway.

These are good points, and they have to do with the worst thing a technology can do: give you a false sense of security. If PowerShell appears to keep passwords safe but in fact does not, that is the issue. If you are providing your credentials to a script, you might want to be cautious about what the script does with them.

I think I still have mixed feelings about the issue, because when I see the Windows system credential prompt I kind of assume tighter security around the credentials I specify, but I can definitely see the point which MoW and Lee are making. Please read their comments for more details.
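Since the practical advice above is to watch what a script does with the credentials you give it, here is a small review aid I am adding as an example (it is not code from the original post). It scans a script file for the calls that turn a PSCredential's SecureString back into plain text, so you can check a script before handing it your credentials. The function name and the list of flagged patterns are my own assumptions.

```powershell
# Added example, not from the original post: flag the places where a script
# recovers a clear-text password from a PSCredential / SecureString.
# The pattern list is an assumption covering the common extraction calls.

function Find-PlainTextCredentialUse {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Each pattern is a .NET regex matched against every line of the script.
    $patterns = @(
        '\.GetNetworkCredential\(\)',                            # PSCredential -> NetworkCredential.Password
        'SecureStringToBSTR|SecureStringToGlobalAllocUnicode',   # Marshal helpers that decrypt a SecureString
        'PtrToStringBSTR|PtrToStringUni',                        # reading the decrypted buffer back as a string
        'ConvertFrom-SecureString\s+.*-AsPlainText'              # PowerShell 7+ one-liner
    )

    $lineNo = 0
    foreach ($line in Get-Content -Path $Path) {
        $lineNo++
        foreach ($p in $patterns) {
            if ($line -match $p) {
                [pscustomobject]@{
                    File    = $Path
                    Line    = $lineNo
                    Pattern = $p
                    Text    = $line.Trim()
                }
            }
        }
    }
}

# Constructed sample script for the demo: one line keeps the SecureString
# inside a cmdlet's -Credential parameter (fine), one line recovers clear text (flagged).
$sample = @'
$cred = Get-Credential
Get-WmiObject Win32_OperatingSystem -ComputerName srv01 -Credential $cred
$plain = $cred.GetNetworkCredential().Password
'@

$tmp = Join-Path ([IO.Path]::GetTempPath()) 'sample-script.ps1'
Set-Content -Path $tmp -Value $sample
Find-PlainTextCredentialUse -Path $tmp | Format-Table -AutoSize   # reports line 3 only
Remove-Item -Path $tmp
```

A clean result does not prove a script is safe (it can still pass the credential object to anything it likes), but a hit tells you exactly where to look before you type your password.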

2 Responses to ““PowerShell credentials in clear text” follow-up”


  1. Mark Wilson August 22, 2007 at 10:51 pm

    Thanks for posting this Dmitry.

    MoW and Lee may be convinced that this is not a problem, but as I wrote earlier this evening:

    “…one of the fundamental principles of Windows security is that passwords are never stored in clear-text – only as a hashed value – clearly this breaks that model. Those who think there is nothing wrong with this argue that the credentials are then only used by the user that entered them in the first place. Even so, I’m sure this method could easily be used as part of a phishing attempt…”

    Furthermore, it’s not as if exposing a cleartext password involves a complex hack – by lunchtime on the first day of a Windows PowerShell Fundamentals course we had realised that passwords were available in this way – I’m no scripting expert and if I can find it, then so can those who are less scrupulous.

    Mark

  2. dmitrysotnikov August 23, 2007 at 12:37 am

    I think that as we all keep pushing the guys might change their opinion and change the design. 😉

    As I said, this was indeed an unpleasant surprise for me. However, I do want to add a few thoughts here just to show that this might all be not that straightforward:

    1. I am not sure this is something that really enables phishing attacks impossible otherwise. After all, if you trust a script or executable, and the script is malicious it can indeed mock up a system dialog box prompting for credentials and then use them whatever way it likes. So even if this way to get the clear text credentials did not exist, phishing would still be possible and relatively easy. Do not run what you do not trust.

    By the way, this leads to a possible other feature request: let policies define what kind of access scripts get. For example, I might not want scripts to get access to the internet, or file system, etc.

    2. My understanding is that although Active Directory indeed stores hashes instead of passwords this is not the case with local Windows password store. As far as I understand, credentials which get saved locally when you click that “Remember” checkbox when connecting to a site or computer are stored not as hashes but as encrypted data which can fairly easily be recovered should someone get access to your computer. Don’t trust any local credentials storage too much.



© 2007-2014 Dmitry Sotnikov
