I returned to the office on Tuesday and immediately got stuck into some work for a new client we’re in the process of taking on-board. They needed some modifications to their Firewall, and I’d already used murky methods to deduce the Administrator password which the previous feckless IT Support provider had not made available to us. In fact, the previous IT Support provider had left zero documentation whatsoever – they weren’t a fan of Karl Palachuk’s methodology then.

Once logged onto the server, we logged onto the Router with ease. I say with ease because from the server console, Internet Explorer had cached the username and password for Router access. We didn’t know the password, but we could still gain access to the Router to make our changes. It seems the previous IT Support provider was also not very security conscious – not a fan of Steve Lambs blog either then.

However, we were still faced with the fact we didn’t know the Router password to enable us to logon from any other machine bar the server with the cached credentials – and therefore faced with the fact we would need to factory reset the Router and all it’s working settings, just to enable us to change this password to something of our own choice.

Then a thought occurred. Internet Explorer has the password cached – surely there’s some way of decrypting that information so it’s readable?

There is – and it’s a freeware package called IEPassView

IEPassView is a  small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0. There are also similar versions for Firefox – just in case you thought I was bashing Microsoft over Open Source alternatives.

Thirty seconds after downloading IEPassView, the Router password – and an incredible amount of other passwords (thanks for the logon to your Hotmail and Facebook account guys!) – were revealed to me, and I’d subsequently changed the Router password saving myself a heap of time.

Now I got a few e-mails bemoaning the fact that I was giving away "Trade Secrets" with my blog post on Magical Jellybean Keyfinder – but frankly, the above tale is a great example of two things – feckless documentation and an IT Professional (and I use that word sarcastically) believing that he/she were in control of the server in question.

Whilst convenient to use, Internet Explorer (or Firefox) Password Cache is not a secure place to store credentials as IEPassView proves. If you lost control of any of your clients servers, or even your own laptop or desktop, what information could someone else glean from it using freely available tools?


3 Responses to “IEPassView”

  1. 1 Gareth August 7, 2008 at 10:22 am

    Richard hi,
    We are on the same mark here – At Sytec we use a maxim throughout our business, Research, Record & Repeat (comments regarding "Trade Secrets" and other wizardry usually only reveal something about the commentator).
    Any business that offers an open and transparent approach with customers develops the relationship, whereas a business that works magic with ‘secret methods’ only highlights the risk of involving them.
    Hope to see you soon.
    Regards, Gareth

  2. 2 Unknown August 7, 2008 at 4:38 pm

    "Trade Secrets?" pah!
    Did you really get emails like that?  Do they not know google is available to everyone?
    Gotta love the nirsoft website…they have some cracking tools!

  3. 3 Richard August 8, 2008 at 9:24 am

    Andy – yes, I really get e-mails like that. The argument is that I\’m drawing attention to vulnerabilities that would otherwise may go unnoticed. My response is that if the information to exploit the vulnerability is out there, then don\’t "hope" you won\’t get caught, be aware that at some point you *will* get caught and therefore prepare for that eventuality appropriately.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Tubblog on Twitter


Enter your email address to subscribe to Tubblog and receive notifications of new posts by email.

Join 48 other followers

Microsoft Small Business Specialist Logo
Computer Weekly Blog Awards 2010 Logo
MSP Mentor 250 Logo
SMB 150 List Logo
International Association of Microsoft Channel Partners Logo Registered & Protected

%d bloggers like this: