0

Windows 8 have the Password Vault, where all Internet Explorer 11 passwords is saved. And there is a Credentials Manager in the Control Panel where i can read and edit these credentials. The Credential Manager do unfortunately not have a search and i wanted to create a searchable third-party credential manager. I took a look at the Windows.Security.Credentials class to retrieve the credentials, but it only retrieves credentials from the current application.

Is there any way of retrieving all credentials created by the application Internet Explorer?

Edit: Expanded my question some, and added a possible solution:

This application claims to be able to retrieve and decrypt the passwords for Windows 8 and IE10. The author credits this C++ code for the solution.

I havent had time to test the application nor the code example yet. I will update the post when i have done so.

emptyother
  • 143
  • 2
  • 8
  • 1
    What would be the point of having a password vault if you can freely browse its content ? – aybe Apr 15 '14 at 22:44
  • I can already freely browse its content by using Windows Credentials Manager. – emptyother Apr 16 '14 at 09:00
  • Obviously you can do that, what would be the point of a vault if you can't open it to get your content back ? Note that when you need to retrieve your stuff you do open the vault, not the fridge :D – aybe Apr 16 '14 at 16:48
  • Not entirely sure what point you are trying to make. I was looking for a way of reading the vault programmaticly the same way i do manually. A list of remembered sites, the username and the password. This maybe or maybe not encrypted, but i assume at least the password is. But one problem at a time. Is there any way of reading this list programmaticly (encrypted or not, but not limited to only the current application)? – emptyother Apr 19 '14 at 14:53
  • What I am trying to point out is that it is not possible to do so for obvious reasons. How come the vendor of a security system would let people access any part of its system ? It would be a very good vector for malware authors. IMO there's no point in even trying to find out if it is possible, even though you'd find some encrypted files and you try to decipher them (probably impossible) you would fall on the category that I just mentioned. In short, you should forget about that. – aybe Apr 19 '14 at 18:54
  • possible duplicate of [How do I store and retrieve credentials from the Windows Vault credential manager?](http://stackoverflow.com/questions/9221245/how-do-i-store-and-retrieve-credentials-from-the-windows-vault-credential-manage) – Shep Sep 10 '14 at 23:39

1 Answers1

0

Never got around to test the application, but I found the exact answer I was looking for from Tim Bertalot at this question. He uses Powershell to list both usernames and passwords, so that should be easily searchable.

It does worry me that there is no longer any need to input your credentials a second time, like you have to do when using the gui, to retrieve the passwords. Makes it too easy for anyone to get access to an unlocked workstation and with three lines of code export all passwords to a file, but i'm no security expert.

Community
  • 1
  • 1
emptyother
  • 143
  • 2
  • 8