Friday, May 19, 2017

WinAPI CredEnumerate returning only Windows Credentials


I'm working on a browser and I'm using Credentials Store to save passwords.

My problem is that the CredEnumerate function returns only Windows Credentials but I actually need Web Credentials. I'm using this class: https://gist.github.com/meziantou/10311113.

Do I need to pass a different parameter to the CredEnumerate function to return Web Credentials? I couldn't see any information about this on MSDN.

2 Answers

Answer 1

In the CredEnumerate function, set the second flag parameter to 1.

See the documentation linked below for CRED_ENUMERATE_ALL_CREDENTIALS: https://msdn.microsoft.com/en-us/library/windows/desktop/aa374794(v=vs.85).aspx

So try passing 1 for the second parameter instead of zero.

bool ret = CredEnumerate(null, 1, out count, out pCredentials); 
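The call from Answer 1 in full, as an added example (not code from the post or from the linked gist): it passes CRED_ENUMERATE_ALL_CREDENTIALS with the null filter that flag requires, lists each entry's target name, type and user name so you can see which credential sets are returned, and frees the native buffer. The class name CredentialLister is an assumption; the secret blob is deliberately not read.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using FILETIME = System.Runtime.InteropServices.ComTypes.FILETIME;

static class CredentialLister // hypothetical name, for illustration only
{
    const uint CRED_ENUMERATE_ALL_CREDENTIALS = 0x1; // filter must be null with this flag
    const int ERROR_NOT_FOUND = 1168;                // no credentials in the set

    // Mirrors the native CREDENTIALW layout from wincred.h.
    [StructLayout(LayoutKind.Sequential)]
    struct CREDENTIAL
    {
        public uint Flags, Type;
        public IntPtr TargetName, Comment;
        public FILETIME LastWritten;
        public uint CredentialBlobSize;
        public IntPtr CredentialBlob;
        public uint Persist, AttributeCount;
        public IntPtr Attributes, TargetAlias, UserName;
    }

    [DllImport("advapi32.dll", EntryPoint = "CredEnumerateW", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern bool CredEnumerate(string filter, uint flags, out int count, out IntPtr credentials);

    [DllImport("advapi32.dll")]
    static extern void CredFree(IntPtr buffer);

    static void Main()
    {
        if (!CredEnumerate(null, CRED_ENUMERATE_ALL_CREDENTIALS, out int count, out IntPtr array))
        {
            int err = Marshal.GetLastWin32Error();
            if (err == ERROR_NOT_FOUND) { Console.WriteLine("No credentials stored."); return; }
            throw new Win32Exception(err); // e.g. ERROR_INVALID_FLAGS if a filter was supplied
        }
        try
        {
            for (int i = 0; i < count; i++)
            {
                // The API returns an array of pointers to CREDENTIAL structures.
                IntPtr p = Marshal.ReadIntPtr(array, i * IntPtr.Size);
                var c = Marshal.PtrToStructure<CREDENTIAL>(p);
                Console.WriteLine("{0}  type={1}  user={2}", Marshal.PtrToStringUni(c.TargetName),
                    c.Type, Marshal.PtrToStringUni(c.UserName));
            }
        }
        finally { CredFree(array); } // one CredFree releases the whole returned buffer
    }
}
```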

Answer 2

What Operating System are you targeting? For IE, from Windows 8 onward, I suggest you look at Windows.Security.Credentials.PasswordVault RetrieveAll() and RetrievePassword().

In any case, the bottom line is that it really depends on the browser... I think this article will help you greatly: http://raidersec.blogspot.co.uk/2013/06/how-browsers-store-your-passwords-and.html (and the links in the article too, e.g. http://securityxploded.com/iepasswordsecrets.php)
