When RDP passes the password to destination PC it is in protected form, something like "@@D...."
We are using following code in order to get plain text password from it:
if (CredIsProtectedW(szPasswordFromRDP, &protectionType))
if(protectionType == CredProtected)
// use plain text password in our own Credential provider
That code works perfectly well when user has ASCII password.
But when there is Unicode password CredIsProtectedW returns CredUnprotected...
Even when we try to "force" conversion with CredUnprotectW by supplying correct plain text length (we know from original password) - it still doesn't work!
Is it some kind of limitation? Or bug? Or it doesn't support all Unicode characters?
Or destination PC should have language installed?
Internally, they look pretty much the same.
ASCII password in protected form: @@D�� gAAAAAnPAAAAAAAAAE1g99rdJVRbxrnfZUZt2eC#VpTLhcq1H
Unicode in protected form: @@D\x07\x08\x0c\n\roAAAAAnPAAAAAAAAgJtBMDyNE3hzbN0ZfPFpvgndNZinjVbLzxsosyvaRNeD
Just in case - specific Unicode plain text password I've used (Japanese Katakana) アセアセアセアセアセ
2 letters repeated 5 times: U+30A2 and U+30BB