Password is corrupted for manually entered Generic Credentials in Credential Manager

%3CLINGO-SUB%20id%3D%22lingo-sub-1635300%22%20slang%3D%22en-US%22%3EPassword%20is%20corrupted%20for%20manually%20entered%20Generic%20Credentials%20in%20Credential%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1635300%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20following%20behavior%20appears%20to%20be%20a%20bug%20in%20Window%20Credential%20Manager%20but%20I%20cannot%20find%20reference%20to%20it%20within%20Microsoft%20Community.%26nbsp%3B%20I%20have%20reproduced%20this%20behavior%20with%20Windows%2010%20build%201803%20as%20well%20as%20Windows%20Server%202012%20R2%20build%209600.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20a%20Generic%20Credential%20is%20created%20via%20the%20Control%20Panel%5CUser%20Accounts%5CCredential%20Manager%20for%20which%20the%20password%20length%20is%20a%20multiple%20of%204%2C%20a%20portion%20of%20the%20'Internet%20or%20network%20address'%20is%20appended%20to%20the%20saved%20password.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EExample%2C%20create%20a%20new%20Generic%20Credential%20with%20the%20following%20values%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BInternet%20or%20network%20address%3A%26nbsp%3B%20%26nbsp%3B%20ABCDEFGHIJKL%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BUser%20name%3A%26nbsp%3B%20%26nbsp%3BABC%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BPassword%3A%26nbsp%3B%20%26nbsp%3B01234567%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20stored%20password%20is%3A%26nbsp%3B%20%26nbsp%3B01234567ABCDEFGH%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20the%20password%20is%207%20or%209%20characters%20long%2C%20the%20correct%20value%20is%20stored.%26nbsp%3B%20Also%2C%20if%20the%20entered%20Password%20is%20only%204%20characters%20long%2C%20only%20'ABCD'%20will%20be%20appended.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20using%20CredReadA%20to%20verify%20the%20stored%20credentials.%26nbsp%3B%20We%20also%20tried%20creating%20these%20same%20credentials%20using%20CredWriteA%20and%20the%20issue%20does%20not%20appear.%26nbsp%3B%20However%2C%20if%20the%20Password%20for%20this%20credential%20is%20then%20modified%2Fre-entered%20in%20the%20Credential%20Manager%20GUI%2C%20the%20issue%20appears.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20anyone%20can%20reproduce%20and%2For%20suggest%20the%20origin%20of%20this%20issue%2C%20it%20would%20be%20much%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECh%C3%A9%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1635758%22%20slang%3D%22en-US%22%3ERe%3A%20Password%20is%20corrupted%20for%20manually%20entered%20Generic%20Credentials%20in%20Credential%20Manager%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1635758%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F782124%22%20target%3D%22_blank%22%3E%40cheduro%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20you%20able%20to%20reproduce%20this%20issue%20in%20the%20latest%20build%20of%20Windows%2010%3F%3C%2FP%3E%3CP%3EIn%20any%20case%2C%20you%20may%20always%20use%26nbsp%3B%3CSTRONG%3EFeedback%20Hub%3C%2FSTRONG%3E%20app%20in%20Windows%2010%20and%20report%20bugs%20and%20issues.%20But%20before%20that%20it%20is%20always%20good%20idea%20to%20check%20if%20it%20has%20been%20solved%20in%20the%20latest%20build%20or%20not.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

The following behavior appears to be a bug in Window Credential Manager but I cannot find reference to it within Microsoft Community.  I have reproduced this behavior with Windows 10 build 1803 as well as Windows Server 2012 R2 build 9600.

 

When a Generic Credential is created via the Control Panel\User Accounts\Credential Manager for which the password length is a multiple of 4, a portion of the 'Internet or network address' is appended to the saved password.

 

Example, create a new Generic Credential with the following values:

   Internet or network address:    ABCDEFGHIJKL

   User name:   ABC

   Password:   01234567

 

The stored password is:   01234567ABCDEFGH

 

If the password is 7 or 9 characters long, the correct value is stored.  Also, if the entered Password is only 4 characters long, only 'ABCD' will be appended.

 

We are using CredReadA to verify the stored credentials.  We also tried creating these same credentials using CredWriteA and the issue does not appear.  However, if the Password for this credential is then modified/re-entered in the Credential Manager GUI, the issue appears.

 

If anyone can reproduce and/or suggest the origin of this issue, it would be much appreciated.

 

Ché

1 Reply

@cheduro 

Are you able to reproduce this issue in the latest build of Windows 10?

In any case, you may always use Feedback Hub app in Windows 10 and report bugs and issues. But before that it is always good idea to check if it has been solved in the latest build or not.