Where does Internet Explorer store saved passwords?
Solution 1
I found the answer. IE stores passwords in two different locations based on the password type:
-
Http-Auth:
%APPDATA%\Microsoft\Credentials
, in encrypted files -
Form-based:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
, encrypted with the url
From a very good page on NirSoft.com:
Starting from version 7.0 of Internet Explorer, Microsoft completely changed the way that passwords are saved. In previous versions (4.0 - 6.0), all passwords were saved in a special location in the Registry known as the "Protected Storage". In version 7.0 of Internet Explorer, passwords are saved in different locations, depending on the type of password. Each type of passwords has some limitations in password recovery:
AutoComplete Passwords: These passwords are saved in the following location in the Registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
The passwords are encrypted with the URL of the Web sites that asked for the passwords, and thus they can only be recovered if the URLs are stored in the history file. If you clear the history file, IE PassView won't be able to recover the passwords until you visit again the Web sites that asked for the passwords. Alternatively, you can add a list of URLs of Web sites that requires user name/password into the Web sites file (see below).HTTP Authentication Passwords: These passwords are stored in the Credentials file under
Documents and Settings\Application Data\Microsoft\Credentials
, together with login passwords of LAN computers and other passwords. Due to security limitations, IE PassView can recover these passwords only if you have administrator rights.
In my particular case it answers the question of where; and I decided that I don't want to duplicate that. I'll continue to use CredRead
/CredWrite
, where the user can manage their passwords from within an established UI system in Windows.
Solution 2
Short answer: in the Vault. Since Windows 7, a Vault was created for storing any sensitive data among it the credentials of Internet Explorer. The Vault is in fact a LocalSystem service - vaultsvc.dll.
Long answer: Internet Explorer allows two methods of credentials storage: web sites credentials (for example: your Facebook user and password) and autocomplete data. Since version 10, instead of using the Registry a new term was introduced: Windows Vault. Windows Vault is the default storage vault for the credential manager information.
You need to check which OS is running. If its Windows 8 or greater, you call VaultGetItemW8. If its isn't, you call VaultGetItemW7.
To use the "Vault", you load a DLL named "vaultcli.dll" and access its functions as needed.
A typical C++ code will be:
hVaultLib = LoadLibrary(L"vaultcli.dll");
if (hVaultLib != NULL)
{
pVaultEnumerateItems = (VaultEnumerateItems)GetProcAddress(hVaultLib, "VaultEnumerateItems");
pVaultEnumerateVaults = (VaultEnumerateVaults)GetProcAddress(hVaultLib, "VaultEnumerateVaults");
pVaultFree = (VaultFree)GetProcAddress(hVaultLib, "VaultFree");
pVaultGetItemW7 = (VaultGetItemW7)GetProcAddress(hVaultLib, "VaultGetItem");
pVaultGetItemW8 = (VaultGetItemW8)GetProcAddress(hVaultLib, "VaultGetItem");
pVaultOpenVault = (VaultOpenVault)GetProcAddress(hVaultLib, "VaultOpenVault");
pVaultCloseVault = (VaultCloseVault)GetProcAddress(hVaultLib, "VaultCloseVault");
bStatus = (pVaultEnumerateVaults != NULL)
&& (pVaultFree != NULL)
&& (pVaultGetItemW7 != NULL)
&& (pVaultGetItemW8 != NULL)
&& (pVaultOpenVault != NULL)
&& (pVaultCloseVault != NULL)
&& (pVaultEnumerateItems != NULL);
}
Then you enumerate all stored credentials by calling
VaultEnumerateVaults
Then you go over the results.
Related videos on Youtube
mistertodd
Any code is public domain. No attribution required. జ్ఞా <sup>🕗</sup>🕗 Yes, i do write i with a lowercase i. The Meta Stackexchange answer that I am most proud of
Updated on July 09, 2022Comments
-
mistertodd over 1 year
Where does Internet Explorer store saved passwords?
And since this is a programming site, I'm not literally asking for the location where IE stores passwords, but which API IE uses to save passwords.
At first I assumed that Microsoft was using the standard api:
which is used to save domain and generic program/web-site credentials.
CredRead
/CredWrite
then turn around around and use:to encrypt data with the current user's account.
CredRead
/CredWrite
then store the data in some magical location, contents of which you can see from the Control Panel:But I don't see IE passwords in there. So IE doesn't store passwords using
CredRead
/CredWrite
.What API does IE use to store passwords, and if it uses
CryptProtectData
, where does it then store the protected data?
Edit: The reason I ask needs no explanation (since it's pretty obvious), but it's because I might want to use the same mechanism.
-
mistertodd almost 14 yearsYou're partially right. Internet Explorer 4-6 uses the Protected Storage API. IE 7-8 store passwords in the registry, and a file, depending on the password type.
-
jamil ahmed almost 14 yearsPSAPI was deprecated a long time ago. IE6 used it last.
-
HPWD about 10 yearsCan you retrieve them if they are on an old hard drive sitting on the shelf? Not you as in YOU but you in the general sense. :)
-
mistertodd about 10 years@dlackey Conceptually it is possible, as long as you know your old Windows password.