Cannot decrypt Unicode password, passed from RDP (need plain password for credential provider)

Alex Danilov 6 Reputation points
2021-04-02T00:13:29.95+00:00

When RDP passes the password to the destination PC, it is in protected form, something like "@@D....".
We are using the following code to get the plain-text password from it:

if (CredIsProtectedW(szPasswordFromRDP, &protectionType))
{
    if (protectionType == CredProtected)
    {
        CredUnprotectW(FALSE, szPasswordFromRDP,...);
        // use plain text password in our own Credential provider
    }
}

That code works perfectly well when the user has an ASCII password.
But when there is a Unicode password, CredIsProtectedW returns CredUnprotected...
Even when we try to "force" conversion with CredUnprotectW by supplying the correct plain-text length (which we know from the original password), it still doesn't work!
Is it some kind of limitation? Or a bug? Or does it not support all Unicode characters?
Or should the destination PC have the language installed?

Internally, they look pretty much the same.
ASCII password in protected form: @@D�� gAAAAAnPAAAAAAAAAE1g99rdJVRbxrnfZUZt2eC#VpTLhcq1H
Unicode in protected form: @@D\x07\x08\x0c\n\roAAAAAnPAAAAAAAAgJtBMDyNE3hzbN0ZfPFpvgndNZinjVbLzxsosyvaRNeD

Just in case, the specific Unicode plain-text password I used (Japanese Katakana): アセアセアセアセアセ
2 letters repeated 5 times: U+30A2 and U+30BB


1 answer

  1. Carl Fan 6,836 Reputation points
    2021-04-02T09:03:44.367+00:00

    Hi,
    According to your description, the issue is about decrypting a password with a script or API. Please post the issue to the script forum.
    https://social.msdn.microsoft.com/Forums/office/en-US/home?forum=csharpgeneral
    Based on my search, the wincred.h header defines CredIsProtected as an alias which automatically selects the ANSI or Unicode version of this function based on the definition of the UNICODE preprocessor constant. Mixing usage of the encoding-neutral alias with code that is not encoding-neutral can lead to mismatches that result in compilation or runtime errors. For more information, see Conventions for Function Prototypes:
    https://learn.microsoft.com/en-us/windows/win32/intl/conventions-for-function-prototypes
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl
