Missing User Warnings
Medium
- Confidence
- 97% confidence
- Finding
- The instructions require operators to place SSH passwords directly on the command line via `sshpass -p '{password}'` and to handle cloud `SecretId`/`SecretKey` values as CLI arguments. Command-line secrets can be exposed through shell history, process listings, logging, screenshots, or copied files, creating a substantial credential leakage risk. The use of `StrictHostKeyChecking=no` further weakens transport trust and increases exposure to man-in-the-middle attacks during migration.
