Microwin admin password stored in plain text in unattend.xml

[kinou74]

Describe the bug

Hello
I've just tested microwin with a Win11 Ent LTSC image and found that the unattend.xml file at the root of C drive contains (twice) my local admin password stored in plain text.

To Reproduce

Steps to reproduce the behavior:
Create an image with microwin and set an admin account
Once Windows is installed from the new image, an "unattend.xml" file is left at the root of C: and this file contains the admin password in plain text,

Expected behavior

unattend.xml file shouldn't contain plain text password, hashed version instead.

[CodingWonders]

@kinou74, from my experience with using the unattended answer file generation service that this project uses, you can only obscure the password with Base64 encoding:

Does this suffice to you?

[kinou74]

Should be better than nothing I guess.
The most important thing is that we should be aware that the entered password is stored on the usb key in an unsecured way, should be a generic one just for iso deployement purpose, and must be changed right after Windows installation.

[CodingWonders]

We've now got passwords obscured with Base64:

Expect this fix to arrive to main soon