[LAN] remove saved password - workaround for WM5

Support for PocketPC and WinCE version

Moderators: white, Hacker, petermad, Stefan2

Post Reply
saimhe
New Member
New Member
Posts: 1
Joined: 2007-08-03, 14:09 UTC

[LAN] remove saved password - workaround for WM5

Post by *saimhe »

This has been addressed earlier (URL) without any solution suitable for me. WM 5.1.195 here does not have a password management applet. My problem was that I needed to log on as a different user but that damned dialog won't pop up again.

I discovered that Credential Manager (URL) handles these passwords. From the API point of view, each password is addressed by "user identifier" and "target" string pair. The worst thing here is that identifiers and targets can't be enumerated -- one must know the pair in advance to do anything with the password, including its removal.

Apparently a particular password is stored in registry as some fancy structure (REG_BINARY Cred) at

HKEY_LOCAL_MACHINE\Comm\Security\CredMan\Creds\<index>

By a quick glance at contents, only CRED_VER_1 = 0x00000001 and perhaps CALG_SHA1 = 0x00008004 can be identified. If it really means storing SHA-1 hashes of "user identifier" and "target" (two 16-byte hashes prefixed by their 4-byte lengths can be identified as well), enumeration is effectively prevented even for Manager itself. In order to remove a particular password, we must do that blindly by guessing the right <index>. Perhaps remote debugging or similar techniques would shed some light about how a particular application builds wszUser and especially wszTarget -- this can help a lot if the LAN resource name is known. Otherwise there is little point to write some password recovery utility, and that's why none exists so far.

After removing a particular <index> key, REG_DWORD NumCreds at HKEY_LOCAL_MACHINE\Comm\Security\CredMan\Creds must be decremented by one.

I was lucky: that share password was the last account information that I recently added, so removing the last <index> was enough. Heck, I had only 7 entries there! Identifying some older entry, especially if the list is long, would be dull and time-consuming, however not impossible if backing up each time.

Some may consider adding DisallowSavedNetworkPasswords=1 (URL) to the registry. Then passwords allegedly are not saved regardless of user choices. But the name literally means something different.

I removed URLs because the antispam filter doesn't allow posting otherwise. If this post is worth it, any moderator may contact me via email (I'm afraid that PMs won't work too :P) and fix it including this remark.
Top
User avatar
ghisler(Author)
Site Admin
Site Admin
Posts: 48113
Joined: 2003-02-04, 09:46 UTC
Location: Switzerland
Contact:
Contact ghisler(Author)

Post by *ghisler(Author) »

Thanks for the useful information! It's sad that this is so badly documented...
Author of Total Commander
https://www.ghisler.com
Top
Post Reply

Return to “Total Commander Pocket”