Sep 04 2020 04:12 AM
The following behavior appears to be a bug in Window Credential Manager but I cannot find reference to it within Microsoft Community. I have reproduced this behavior with Windows 10 build 1803 as well as Windows Server 2012 R2 build 9600.
When a Generic Credential is created via the Control Panel\User Accounts\Credential Manager for which the password length is a multiple of 4, a portion of the 'Internet or network address' is appended to the saved password.
Example, create a new Generic Credential with the following values:
Internet or network address: ABCDEFGHIJKL
User name: ABC
Password: 01234567
The stored password is: 01234567ABCDEFGH
If the password is 7 or 9 characters long, the correct value is stored. Also, if the entered Password is only 4 characters long, only 'ABCD' will be appended.
We are using CredReadA to verify the stored credentials. We also tried creating these same credentials using CredWriteA and the issue does not appear. However, if the Password for this credential is then modified/re-entered in the Credential Manager GUI, the issue appears.
If anyone can reproduce and/or suggest the origin of this issue, it would be much appreciated.
Ché
Sep 04 2020 06:57 AM
Are you able to reproduce this issue in the latest build of Windows 10?
In any case, you may always use Feedback Hub app in Windows 10 and report bugs and issues. But before that it is always good idea to check if it has been solved in the latest build or not.