How to use IEPassView to display a cached Password

How to use IEPassView to display a cached Password

I returned to the office on Tuesday and immediately got stuck into some work for a new client we’re in the process of taking on-board. They needed some modifications to their Firewall, and I’d already used murky methods to deduce the Administrator password which the previous feckless IT Support provider had not made available to us. In fact, the previous IT Support provider had left zero documentation whatsoever – they weren’t a fan of Karl Palachuk’s methodology then.

Once logged onto the server, we logged onto the Router with ease. I say with ease because from the server console, Internet Explorer had cached the username and password for Router access. We didn’t know the password, but we could still gain access to the Router to make our changes. It seems the previous IT Support provider was also not very security conscious – not a fan of Steve Lambs blog either then.

However, we were still faced with the fact we didn’t know the Router password to enable us to logon from any other machine bar the server with the cached credentials – and therefore faced with the fact we would need to factory reset the Router and all it’s working settings, just to enable us to change this password to something of our own choice.

Then a thought occurred. Internet Explorer has the password cached – surely there’s some way of decrypting that information so it’s readable?

There is – and it’s a freeware package called IEPassView

IEPassView is a  small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 – v6.0. There are also similar versions for Firefox– just in case you thought I was bashing Microsoft over Open Source alternatives.

Thirty seconds after downloading IEPassView, the Router password – and an incredible amount of other passwords (thanks for the logon to your Hotmail and Facebook account guys!) – were revealed to me, and I’d subsequently changed the Router password saving myself a heap of time.

Now I got a few e-mails bemoaning the fact that I was giving away “Trade Secrets” with my blog post on Magical Jellybean Keyfinder– but frankly, the above tale is a great example of two things – feckless documentation and an IT Professional (and I use that word sarcastically) believing that he/she were in control of the server in question.

Whilst convenient to use, Internet Explorer (or Firefox) Password Cache is not a secure place to store credentials as IEPassView proves. If you lost control of any of your clients servers, or even your own laptop or desktop, what information could someone else glean from it using freely available tools?

RICHARD TUBB

Richard Tubb is one of the best-known experts within the global IT Managed Service Provider (MSP) community. He launched and sold his own MSP business before creating a leading MSP media and consultancy practice. Richard helps IT business owner’s take back control by freeing up their time and building a business that can run without them. He’s the author of the book “The IT Business Owner’s Survival Guide” and writer of the award-winning blog www.tubblog.co.uk

All Posts

You might like:

Super Top Tech For Your Pampered Pet Guinea Pigs image

Super Top Tech For Your Pampered Pet Guinea Pigs

Tech Guides | By Richard Tubb
How to monitor online mentions of your business with Google Alerts image

How to monitor online mentions of your business with Google Alerts

Building Relationships | By Richard Tubb
Here is a Google Script for using SaneBox alongside Unroll.me image

Here is a Google Script for using SaneBox alongside Unroll.me

Tech Guides | By Richard Tubb
How do I remove a LinkedIn contact? image

How do I remove a LinkedIn contact?

Tech Guides | By Richard Tubb

How to remove the Windows 10 Upgrade icon

Tech Guides | By Richard Tubb
What to do if you lose your Amazon Kindle image

What to do if you lose your Amazon Kindle

Tech Guides | By Richard Tubb
British Gas Hive Active Heating Review image

British Gas Hive Active Heating Review

Tech Guides | By Richard Tubb
How to build a high traffic blog on WordPress image

How to build a high traffic blog on WordPress

Tech Guides | By Richard Tubb
How to block Yesware from tracking you image

How to block Yesware from tracking you

Tech Guides | By Richard Tubb
Using a Three Home Signal Femtocell to improve a Mobile Phone Signal image

Using a Three Home Signal Femtocell to improve a Mobile Phone Signal

Tech Guides | By Richard Tubb
Taking a look at GFI EventsManager 2013 image

Taking a look at GFI EventsManager 2013

Tech Guides | By Guest Author
Recommended Podcasts for IT Professionals image

Recommended Podcasts for IT Professionals

Tech Guides | By Richard Tubb

Comments

3 thoughts on How to use IEPassView to display a cached Password

GARETH

7TH AUGUST 2008 10:22:42

Richard hi,   We are on the same mark here - At Sytec we use a maxim throughout our business, Research, Record & Repeat (comments regarding "Trade Secrets" and other wizardry usually only reveal something about the commentator).   Any business that offers an open and transparent approach with customers develops the relationship, whereas a business that works magic with ‘secret methods’ only highlights the risk of involving them.   Hope to see you soon.   Regards, Gareth

UNKNOWN

7TH AUGUST 2008 16:38:14

"Trade Secrets?" pah!   Did you really get emails like that?  Do they not know google is available to everyone?   Gotta love the nirsoft website...they have some cracking tools!

RICHARD

8TH AUGUST 2008 09:24:14

Andy - yes, I really get e-mails like that. The argument is that I'm drawing attention to vulnerabilities that would otherwise may go unnoticed. My response is that if the information to exploit the vulnerability is out there, then don't "hope" you won't get caught, be aware that at some point you *will* get caught and therefore prepare for that eventuality appropriately.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore.

Share via
Send this to a friend