The current situation is that the audit events in Windows Event Viewer are exposing the bind passwords for the dxtools operations in our scripts, including dxsearch and dxmodify.
Example:
New Process Name: D:\CA\Directory\dxserver\bin\dxmodify.exe
Process Command Line: dxmodify -h localhost -p port -D "uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US" -w "exposed-plain-text-password"
This is happening using both dxsearch and dxmodify.
Is it possible to not expose the password in the command?
Release: 14.1
Due to Ldapsearch restrictions, the bind password must be in clear text. To help keep the password from showing up in Event Viewer, you can try the steps below.
1) Create a file that contains the clear-text password.
2) Modify your code to use the -y option. This makes dxmodify read the password from your file, and Event Viewer will most likely not show the contents of your plain-text file.
Example:
dxsearch -b o=broadcom,c=US -D uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US -y "C:\bind.txt" -h Hostname:19389
bind.txt contents:
MyPassword
Please test this locally and let me know if it remediates the vulnerability of the password appearing in clear text in Event Viewer.
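Added example, not Broadcom's or the original author's code: the two steps above in PowerShell, with the password file restricted by ACL and a check of the process-creation audit events (ID 4688) for dxsearch/dxmodify command lines that still pass -w. The account name, the ACL choice and the assumption that -y uses the file's full contents (so no trailing newline is written) are assumptions of this example.

```powershell
# Added example. Paths and account are placeholders; adjust to your environment.
$PwFile  = 'C:\bind.txt'                      # file name from the example above
$Account = "$env:USERDOMAIN\$env:USERNAME"    # assumption: the scripts run as this account

# Step 1: prompt without echo, write with no BOM and no trailing newline.
# Assumption: -y takes the file's full contents as the password (OpenLDAP behaviour).
$secure = Read-Host -Prompt 'Bind password' -AsSecureString
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password
[System.IO.File]::WriteAllText($PwFile, $plain, [System.Text.UTF8Encoding]::new($false))
Remove-Variable plain, secure

# Drop inherited ACEs and grant read access to the script account only.
icacls $PwFile /inheritance:r /grant:r "${Account}:(R)" | Out-Null

# Step 2: bind with -y instead of -w (command taken from the example above).
if (Get-Command dxsearch -ErrorAction SilentlyContinue) {
    dxsearch -b 'o=broadcom,c=US' -D 'uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US' -y $PwFile -h 'Hostname:19389'
}

# Verification: flag any dxsearch/dxmodify command line that still passes -w.
function Test-ExposedBindPassword([string]$Text) {
    ($Text -match '(?i)\bdx(search|modify)(\.exe)?"?\s') -and ($Text -match '\s-w\s+\S')
}

# Constructed sample command lines, modelled on the two examples above.
$samples = @(
    'dxmodify -h localhost -p port -D "uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US" -w "placeholder"',
    'dxsearch -b o=broadcom,c=US -D uid=DirectoryAdmin,ou=Admins,o=broadcom,c=US -y "C:\bind.txt" -h Hostname:19389'
)
$samples | ForEach-Object { '{0,-5} {1}' -f (Test-ExposedBindPassword $_), $_.Substring(0, 40) }

# Live check over the last day of process-creation events (ID 4688); needs an elevated
# session. Only time stamps and record ids are printed so the password is not copied again.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = (Get-Date).AddDays(-1) } -ErrorAction SilentlyContinue |
    Where-Object { Test-ExposedBindPassword $_.Message } |
    Select-Object TimeCreated, RecordId
```

The path given to -y still appears in the audited command line, so the file's ACL is what protects the password; events logged before the change keep the old -w value until the log rolls over or is cleared.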