Missing User Warnings
Medium
- Confidence
- 96% confidence
- Finding
- The script takes the password as a positional command-line argument, which can expose the secret through shell history, process listings, audit logs, and wrapper tooling. In a password utility, this is especially risky because users are likely to paste real credentials, turning a local strength check into inadvertent credential disclosure.
