Internet Explorer 在哪里存储保存的密码?

发布于 2024-09-05 11:04:40 字数 1549 浏览 4 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

明媚殇 2024-09-12 11:04:40

我找到了答案。 IE 根据密码类型将密码存储在两个不同的位置:

  • Http-Auth: %APPDATA%\Microsoft\Credentials,在加密文件中
  • 基于表单:< URL 进行加密

/strong> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2,使用来自 NirSoft.com 上非常好的页面

从Internet 7.0版本开始
微软彻底改变了Explorer
保存密码的方式。在
以前的版本(4.0 - 6.0),全部
密码保存在一个特殊的
注册表中的位置称为
“受保护的存储”。在7.0版本中
Internet Explorer 的密码是
保存在不同的位置,
取决于密码的类型。
每种类型的密码都有一些
密码恢复的限制:

  • 自动完成密码:这些
    密码保存在以下位置
    在注册表中的位置:
    HKEY_CURRENT_USER\Software\Microsoft\Internet
    Explorer\IntelliForms\Storage2

    密码通过 URL 进行加密
    要求提供该信息的网站
    密码,因此它们只能是
    如果 URL 存储在中则恢复
    历史文件。如果您清除
    历史文件,IE PassView不会
    能够恢复密码直到
    您再次访问以下网站
    询问密码。
    或者,您可以添加一个列表
    需要用户访问的网站的 URL
    将名称/密码写入网站文件
    (见下文)。

  • HTTP 身份验证
    密码:
    存储这些密码
    在凭证文件下
    文档和设置\应用程序
    Data\Microsoft\Credentials
    ,一起
    具有局域网计算机的登录密码
    和其他密码。由于安全原因
    限制,IE PassView可以恢复
    仅当您有这些密码时
    管理员权限。

就我的具体情况而言,它回答了在哪里的问题;我决定不再重复这样的事情。我将继续使用 CredRead/CredWrite,用户可以在 Windows 中已建立的 UI 系统中管理其密码。

I found the answer. IE stores passwords in two different locations based on the password type:

  • Http-Auth: %APPDATA%\Microsoft\Credentials, in encrypted files
  • Form-based: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2, encrypted with the url

From a very good page on NirSoft.com:

Starting from version 7.0 of Internet
Explorer, Microsoft completely changed
the way that passwords are saved. In
previous versions (4.0 - 6.0), all
passwords were saved in a special
location in the Registry known as the
"Protected Storage". In version 7.0
of Internet Explorer, passwords are
saved in different locations,
depending on the type of password.
Each type of passwords has some
limitations in password recovery:

  • AutoComplete Passwords: These
    passwords are saved in the following
    location in the Registry:
    HKEY_CURRENT_USER\Software\Microsoft\Internet
    Explorer\IntelliForms\Storage2
    The
    passwords are encrypted with the URL
    of the Web sites that asked for the
    passwords, and thus they can only be
    recovered if the URLs are stored in
    the history file. If you clear the
    history file, IE PassView won't be
    able to recover the passwords until
    you visit again the Web sites that
    asked for the passwords.
    Alternatively, you can add a list of
    URLs of Web sites that requires user
    name/password into the Web sites file
    (see below).

  • HTTP Authentication
    Passwords:
    These passwords are stored
    in the Credentials file under
    Documents and Settings\Application
    Data\Microsoft\Credentials
    , together
    with login passwords of LAN computers
    and other passwords. Due to security
    limitations, IE PassView can recover
    these passwords only if you have
    administrator rights.

In my particular case it answers the question of where; and I decided that I don't want to duplicate that. I'll continue to use CredRead/CredWrite, where the user can manage their passwords from within an established UI system in Windows.

恍梦境° 2024-09-12 11:04:40

简短回答:在保险库中。从 Windows 7 开始,创建了一个保管库来存储其中的任何敏感数据(Internet Explorer 的凭据)。
Vault 实际上是一个本地系统服务 -Vaultsvc.dll。

长答案:
Internet Explorer 允许两种凭据存储方法:网站凭据(例如:您的 Facebook 用户和密码)和自动完成数据。从版本 10 开始,引入了一个新术语:Windows Vault,而不是使用注册表。 Windows 保管库是凭据管理器信息的默认存储保管库。

您需要检查正在运行哪个操作系统。如果是 Windows 8 或更高版本,则调用 VaultGetItemW8。如果不是,则调用VaultGetItemW7

要使用“Vault”,您需要加载名为“vaultcli.dll”的 DLL 并根据需要访问其功能。

典型的 C++ 代码将是:

hVaultLib = LoadLibrary(L"vaultcli.dll");

if (hVaultLib != NULL) 
{
    pVaultEnumerateItems = (VaultEnumerateItems)GetProcAddress(hVaultLib, "VaultEnumerateItems");
    pVaultEnumerateVaults = (VaultEnumerateVaults)GetProcAddress(hVaultLib, "VaultEnumerateVaults");
    pVaultFree = (VaultFree)GetProcAddress(hVaultLib, "VaultFree");
    pVaultGetItemW7 = (VaultGetItemW7)GetProcAddress(hVaultLib, "VaultGetItem");
    pVaultGetItemW8 = (VaultGetItemW8)GetProcAddress(hVaultLib, "VaultGetItem");
    pVaultOpenVault = (VaultOpenVault)GetProcAddress(hVaultLib, "VaultOpenVault");
    pVaultCloseVault = (VaultCloseVault)GetProcAddress(hVaultLib, "VaultCloseVault");

    bStatus = (pVaultEnumerateVaults != NULL)
        && (pVaultFree != NULL)
        && (pVaultGetItemW7 != NULL)
        && (pVaultGetItemW8 != NULL)
        && (pVaultOpenVault != NULL)
        && (pVaultCloseVault != NULL)
        && (pVaultEnumerateItems != NULL);
}

来枚举所有存储的凭据。

VaultEnumerateVaults

然后,您通过调用“Then you go over the results”

Short answer: in the Vault. Since Windows 7, a Vault was created for storing any sensitive data among it the credentials of Internet Explorer.
The Vault is in fact a LocalSystem service - vaultsvc.dll.

Long answer:
Internet Explorer allows two methods of credentials storage: web sites credentials (for example: your Facebook user and password) and autocomplete data. Since version 10, instead of using the Registry a new term was introduced: Windows Vault. Windows Vault is the default storage vault for the credential manager information.

You need to check which OS is running. If its Windows 8 or greater, you call VaultGetItemW8. If its isn't, you call VaultGetItemW7.

To use the "Vault", you load a DLL named "vaultcli.dll" and access its functions as needed.

A typical C++ code will be:

hVaultLib = LoadLibrary(L"vaultcli.dll");

if (hVaultLib != NULL) 
{
    pVaultEnumerateItems = (VaultEnumerateItems)GetProcAddress(hVaultLib, "VaultEnumerateItems");
    pVaultEnumerateVaults = (VaultEnumerateVaults)GetProcAddress(hVaultLib, "VaultEnumerateVaults");
    pVaultFree = (VaultFree)GetProcAddress(hVaultLib, "VaultFree");
    pVaultGetItemW7 = (VaultGetItemW7)GetProcAddress(hVaultLib, "VaultGetItem");
    pVaultGetItemW8 = (VaultGetItemW8)GetProcAddress(hVaultLib, "VaultGetItem");
    pVaultOpenVault = (VaultOpenVault)GetProcAddress(hVaultLib, "VaultOpenVault");
    pVaultCloseVault = (VaultCloseVault)GetProcAddress(hVaultLib, "VaultCloseVault");

    bStatus = (pVaultEnumerateVaults != NULL)
        && (pVaultFree != NULL)
        && (pVaultGetItemW7 != NULL)
        && (pVaultGetItemW8 != NULL)
        && (pVaultOpenVault != NULL)
        && (pVaultCloseVault != NULL)
        && (pVaultEnumerateItems != NULL);
}

Then you enumerate all stored credentials by calling

VaultEnumerateVaults

Then you go over the results.

被你宠の有点坏 2024-09-12 11:04:40

不能保证,但我怀疑 IE 使用较旧的 受保护存储 API。

No guarantee, but I suspect IE uses the older Protected Storage API.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文