How to use IEPassView to display a cached Password

I returned to the office on Tuesday and immediately got stuck into some work for a new client we’re in the process of taking on-board. They needed some modifications to their Firewall, and I’d already used murky methods to deduce the Administrator password which the previous feckless IT Support provider had not made available to us. In fact, the previous IT Support provider had left zero documentation whatsoever – they weren’t a fan of Karl Palachuk’s methodology then.

Once logged onto the server, we logged onto the Router with ease. I say with ease because from the server console, Internet Explorer had cached the username and password for Router access. We didn’t know the password, but we could still gain access to the Router to make our changes. It seems the previous IT Support provider was also not very security conscious – not a fan of Steve Lamb’s blog either then.

However, we were still faced with the fact we didn’t know the Router password to enable us to log on from any other machine bar the server with the cached credentials – and therefore faced with the fact we would need to factory reset the Router and all its working settings, just to enable us to change this password to something of our own choice.

Then a thought occurred. Internet Explorer has the password cached – surely there’s some way of decrypting that information so it’s readable?

There is – and it’s a freeware package called IEPassView.

IEPassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet Explorer, v4.0 – v6.0. There are also similar versions for Firefox – just in case you thought I was bashing Microsoft over Open Source alternatives.

Thirty seconds after downloading IEPassView, the Router password – and an incredible amount of other passwords (thanks for the logon to your Hotmail and Facebook account guys!) – were revealed to me, and I’d subsequently changed the Router password saving myself a heap of time.

Now I got a few e-mails bemoaning the fact that I was giving away “Trade Secrets” with my blog post on Magical Jellybean Keyfinder – but frankly, the above tale is a great example of two things – feckless documentation and an IT Professional (and I use that word sarcastically) believing that he/she were in control of the server in question.

Whilst convenient to use, Internet Explorer (or Firefox) Password Cache is not a secure place to store credentials, as IEPassView proves. If you lost control of any of your clients’ servers, or even your own laptop or desktop, what information could someone else glean from it using freely available tools?


  • Richard 2008-08-08 09:24:14

    Andy - yes, I really get e-mails like that. The argument is that I'm drawing attention to vulnerabilities that may otherwise go unnoticed. My response is that if the information to exploit the vulnerability is out there, then don't "hope" you won't get caught, be aware that at some point you *will* get caught and therefore prepare for that eventuality appropriately.

  • Unknown 2008-08-07 16:38:14

    "Trade Secrets?" pah! Did you really get emails like that? Do they not know Google is available to everyone? Gotta love the NirSoft website...they have some cracking tools!

  • Gareth 2008-08-07 10:22:42

    Richard hi, We are on the same mark here - At Sytec we use a maxim throughout our business, Research, Record & Repeat (comments regarding "Trade Secrets" and other wizardry usually only reveal something about the commentator). Any business that offers an open and transparent approach with customers develops the relationship, whereas a business that works magic with ‘secret methods’ only highlights the risk of involving them. Hope to see you soon. Regards, Gareth
