I am reviewing the VICredentialStoreItem cmdlets (https://www.vmware.com/support/developer/windowstoolkit/wintk40u1/html/New-VICredentialStoreItem.htm...) and I am curious as to how secure these cmdlets actually are.
The URL says quite clearly:
"The credential store is not designed to be a secure password repository. Although the passwords added to the credential store are obfuscated, they can be recovered by anyone who can access the credential store file"
I am wondering what underlying technology is being used here, because if it's Microsoft DPAPI that is being used - i'd say that offers a reasonable degree of protection from someone obtaining the file and being able to decrypt the password as the encryption\decryption needs to be run from same user context.
Does anyone know, or is it actually the case that the password strings that are generated in the XML are totally trivial to decrypt?
Thanks
Shaun
That is correct.
Btw, an alternative is to use an AES key to do the encryption, then your secure string becomes portable.
The drawback is that the AES key, which you need for decryption, needs to be protected.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Not totally trivial, you will need to use the account and computer on which the store item was created.
But if that is possible, I would guess that security is already breached on a higher level.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi LucD,
Thanks for the reply.
That's what my general point was really, I use Microsoft DPAPI a fair bit when using Powershell in general - under the pretence that if your account has been compromised on the device you are logged in to, that's a different scenario to someone being able to harvest the encrypted strings and simply decrypt them on another machine trivially.
In which case, when it states the below it's not quite the full picture because the person who has access to the file also needs to have control of a process that is running under the same account and computer used to create the file content:
"Although the passwords added to the credential store are obfuscated, they can be recovered by anyone who can access the credential store file"
Thanks
Shaun
That is correct.
Btw, an alternative is to use an AES key to do the encryption, then your secure string becomes portable.
The drawback is that the AES key, which you need for decryption, needs to be protected.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks