There is a security weakness in the command line parameters:
dwrcc.exe [-?|-?:] [-c:] [-h:] [-m:MachineName] [-u:UserName] [-p:Password | -p:"Password"] [-d:Domain] [-o:TCPport] [-s:SharedSecret] [-r:] [-vnc:] [-a:0|1|2] [-prxa:MRCproxyAddress] [-prxp:MRCproxyPort] [-prxsMRCproxySecret] [-v:] [-md:] [-i:n] [-x:] [-bh:CentralServerHostAddress] [-bpn: CentralServerPortNumber] [-bu:CentralServerUserName] [-bps:CentralServerUserPassword]
-p:Password
This password argument cannot handle SecureString as an input parameter, only simple strings. The calling executable hands over the password argument to DWRCC.exe as a plain-text string (the password is plainly visible in Microsoft Defender ATP, for example). This can be used by malware to gather passwords.
Please implement SecureString for the password parameter.
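The exposure described above can be audited from process-creation telemetry. The following is an added example, not part of the original post and not vendor code: it flags dwrcc.exe command lines that carry a secret and redacts the value before the record is stored or forwarded. It goes beyond the post by also covering the -s: and -bps: switches from the usage line. The record layout, host names, path and passwords are constructed assumptions.

```python
import re

# Secret-bearing switches from the usage line above; -prxs is omitted because
# the usage line does not show its separator.
SECRET_SWITCHES = ("p", "s", "bps")
_SECRET_RE = re.compile(
    r'(?<!\S)(-(?:%s):)("[^"]*"|\S+)' % "|".join(SECRET_SWITCHES), re.IGNORECASE
)

def _image_name(cmdline):
    """File name of the first command-line token, quoted or not, lower-cased."""
    s = cmdline.lstrip()
    if s.startswith('"'):
        token = s[1:].split('"', 1)[0]
    else:
        token = s.split(None, 1)[0] if s else ""
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def audit_command_line(cmdline):
    """Return (redacted command line, list of switches that carried a secret)."""
    if _image_name(cmdline) != "dwrcc.exe":
        return cmdline, []
    exposed = []
    def _mask(match):
        exposed.append(match.group(1)[1:-1].lower())  # "-p:" -> "p"
        return match.group(1) + "<redacted>"
    return _SECRET_RE.sub(_mask, cmdline), exposed

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS-01", r'"C:\Tools\dwrcc.exe" -c: -m:SRV-07 -u:helpdesk -p:"Example Pass 1" -d:CORP'),
    ("WS-02", r'dwrcc.exe -c: -m:SRV-09 -u:admin -p:Example2 -prxp:6130 -bps:Example3'),
    ("WS-03", r'dwrcc.exe -c: -m:SRV-11 -a:1'),
    ("WS-04", r'notepad.exe C:\notes\dwrcc.exe-p:usage.txt'),
]

def scan(events):
    """Yield (host, exposed switches, redacted line) for records that leak a secret."""
    for host, cmdline in events:
        redacted, exposed = audit_command_line(cmdline)
        if exposed:
            yield host, exposed, redacted

if __name__ == "__main__":
    for host, exposed, redacted in scan(SAMPLE_EVENTS):
        print(f"{host}: secret in {', '.join('-' + s + ':' for s in exposed)} -> {redacted}")
```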