Credential reset allows the use of weak passwords for Service Principals #20675
Labels: Breaking Change, feature-request, Microsoft Graph, question
Describe the bug
When creating a service principal, the password by default is not allowed to be set by the end user in order to prevent weak passwords. However, this feature was not ported into the credential reset command and therefore weak passwords are still possible.
Documentation: https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli
![image](https://user-images.githubusercontent.com/28765633/145451914-185cb258-b7af-44a4-b100-1d0e994749d1.png)
To Reproduce
![image](https://user-images.githubusercontent.com/28765633/145452319-26c4bfa1-04be-4ede-85d6-1c0192655812.png)
```
az ad sp credential reset --name "ResetClientSecret" --credential-description CliSecViaCLI --password ABC123
```
Expected behavior
Client Secret is not directly settable via CLI
Environment summary
![image](https://user-images.githubusercontent.com/28765633/145452579-b23d34cc-bd00-4817-b4ae-e87b96e60201.png)
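A check that can be run over deployment or pipeline scripts to find `az ad sp credential reset` calls that pass `--password`, the behaviour reported above. This is an added example, not code from the issue or from Azure CLI; the function names and the sample script are constructed for illustration.

```python
import shlex

SUBCOMMAND = ["az", "ad", "sp", "credential", "reset"]

# Constructed sample script; only the first command comes from the issue.
SAMPLE = '''\
# rotate the client secret
az ad sp credential reset --name "ResetClientSecret" --credential-description CliSecViaCLI --password ABC123
az ad sp credential reset --name "ResetClientSecret"
az ad sp credential reset \\
    --name "ResetClientSecret" \\
    --password="$NEW_SECRET"
az ad sp list --display-name "ResetClientSecret"
'''

def joined_commands(text):
    """Yield (first_line_number, command), joining backslash continuations."""
    buf, start = "", None
    for number, line in enumerate(text.splitlines(), 1):
        if start is None:
            start = number
        stripped = line.rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf, start = "", None
    if buf:
        yield start, buf

def find_user_set_secrets(text):
    """Return line numbers of credential resets that supply their own secret."""
    findings = []
    for number, command in joined_commands(text):
        try:
            tokens = shlex.split(command, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a command we can parse
        n = len(SUBCOMMAND)
        for i in range(len(tokens) - n + 1):
            if tokens[i:i + n] == SUBCOMMAND:
                args = tokens[i + n:]
                # Report only the location, never the secret value itself.
                if any(a == "--password" or a.startswith("--password=") for a in args):
                    findings.append(number)
                break
    return findings

if __name__ == "__main__":
    print(find_user_set_secrets(SAMPLE))
```
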