Tag: security

Removing cached AD passwords in IE

Scenario:

Your company has a web enabled Microsoft app (Outlook Web Access, SharePoint, etc…) that passes your Active Directory credentials internally so you don’t have to login twice (Once to get on the computer and again to access the app).

Then your company decides to publish this app outside of your facility allowing you to directly access it from home, but because you’re not on the company network when you’re at home you have to log into the app using your AD credentials.

You decide that logging in is “for the birds” and set Internet Explorer to save your AD username and password so you don’t have to enter it in.  Success!

This carries on for a while until your network's security policy forces you to change your password, which is OK with you. You'll just clear out your IE saved usernames and passwords and save it all back with your new password.

But wait there seems to be a problem, you’re clearing out IE but it’s not clearing out your AD credentials.  What do you do?

Solution:

For starters, you should never save your AD credentials in IE. IE handles your AD credentials and your generic website credentials completely differently. When you go to a generic website like Amazon or Google and tell it to save your username and password for that site, it stores those credentials in the registry. Then, when you tell IE to clear all of your saved passwords, it clears out the registry. Your AD credentials are not stored in the registry; they are stored in an encrypted NTLM hash file stored in your user folder.

Luckily, Windows 7 introduced us to the “Credential Manager”, which is found in the Control Panel. This allows us to remove AD and generic credentials that are stored on your computer with ease. For those still running Windows XP, below are the steps to remove that cached AD account.

  1. Go to: C:\Documents and Settings\YOUR USERNAME\Application Data\Microsoft\Credentials\<SID>\Credentials
  2. Make a copy, then delete the original.
  3. Reboot the computer.

Update:

Since the introduction of Credential Manager in Windows 7 and up, you can now manage your saved AD accounts. Credential Manager is located in the Control Panel.

Simple PHP Form Security

Below is a simple PHP function that I use to strip any dangerous code from my input boxes.


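<?php

// Make our user input safe to output in an HTML page.
function safe_output($string) {
    // Remove whitespace from the start and end of the string.
    $string = trim($string);
    // Remove HTML and PHP tags.
    $string = strip_tags($string);
    // Convert special characters to HTML entities. ENT_QUOTES also encodes
    // single quotes, which the default before PHP 8.1 leaves untouched.
    $string = htmlspecialchars($string, ENT_QUOTES, 'UTF-8');
    return $string;
}

// Retrieve form data (empty string if the field was not submitted).
$phrase = safe_output($_POST['phrase'] ?? '');

?>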

First we are going to create a function called “safe_output”, and within that function we are going to perform a set of statements that will trim and strip any whitespace and code from our textbox and give us just the raw string.

Our function takes one parameter, $string. We first pass $string through the “trim” function, which removes any whitespace before and after our string (Example: “Bill Gates     “ becomes “Bill Gates”).

Next we will pass our variable through the “strip_tags” function which will strip out any HTML and PHP tags from our string (Example: “<html><body>Bill Gates</body></html>” becomes “Bill Gates”).

Then finally we will pass our variable through the “htmlspecialchars” function which will convert any special characters to HTML entities (Example: “&” will become “&amp;”, and “>” will become “&gt;”, etc…).

Lastly we create a new variable called “$phrase” that passes the string from our form through our safe_output function.
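
An added example (not the original post's code) comparing the safe_output pipeline with an escape-at-output helper on inputs where they differ: an apostrophe, which stays raw under the ENT_COMPAT default used before PHP 8.1, and ordinary text containing "<", which strip_tags can delete. The names safe_output_compat and escape_html and all sample inputs are constructed for illustration.

```php
<?php
// Added example, not the original post's code. Names and inputs are constructed.

// The post's pipeline with the quote flag pinned to ENT_COMPAT, which was
// htmlspecialchars()'s default before PHP 8.1: single quotes are left as-is.
function safe_output_compat(string $value): string
{
    return htmlspecialchars(strip_tags(trim($value)), ENT_COMPAT, 'UTF-8');
}

// Escape-only variant: keeps the user's text intact and encodes & < > " '
// so the value is safe in element content and in quoted attribute values.
function escape_html(string $value): string
{
    return htmlspecialchars(trim($value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs.
$samples = [
    'plain name'        => "Bill Gates     ",
    'markup'            => "<b>Bill</b> Gates",
    'apostrophe'        => "Conan O'Brien",
    'less-than in text' => "stock <100 units, reorder >50",
];

foreach ($samples as $label => $input) {
    $compat  = safe_output_compat($input);
    $escaped = escape_html($input);

    echo "[$label]\n";
    echo "  input              : $input\n";
    echo "  safe_output_compat : $compat\n";
    echo "  escape_html        : $escaped\n";

    // A raw single quote would end a single-quoted attribute early,
    // e.g. <input value='...'>, so report whether one survives.
    echo "  raw ' in compat    : ", (strpos($compat, "'") !== false ? 'yes' : 'no'), "\n";
    echo "  raw ' in escaped   : ", (strpos($escaped, "'") !== false ? 'yes' : 'no'), "\n";

    // strip_tags() does not validate HTML: "<" followed by a non-space
    // character is treated as a tag, so ordinary text can be removed too.
    $removed = strlen($input) - strlen(strip_tags($input));
    echo "  bytes strip_tags removed: $removed\n\n";
}
```

Run it from the command line with PHP 7 or later; the entities produced are correct for HTML element content and quoted attributes only, not for JavaScript, URL or SQL contexts.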

© 2020 Ryan Janis
