Penetration Testing: Re: [PEN-TEST] Autocomplete Function

Re: [PEN-TEST] Autocomplete Function

From: Ryan Russell <ryan_at_SECURITYFOCUS.COM>
Date: Tue, 14 Nov 2000 14:24:03 -0800

On Tue, 14 Nov 2000, Masse, Robert wrote:

> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\SPW
>
> contains the value:
>
> "FMJD38! _496SEO"=dword:00000000
>
> So are you telling me that value contains the username, password and site?
>

"Intelliforms" implies that the above registry key has to do with the
feature that automatically fills in form values for you, which might not
necessarily be the same as the one that answers standard HTTP client
authentication requests for you. Intelliforms keeps track of field names,
and values you have used for fields of a given name if you have it
enabled. Mine just has a key named "AskUser", a DWORD equal to 0. I have
it turned off. Yours implies that you've got one value for one field name
saved.

The reason that figuring out the obfuscation is interesting is because we
know it can be done. If IE can get the values back in the clear (as it
has to be able to to use them) then we can replicate the behavior with an
external program if we can deduce all the needed info.

                                        Ryan
Received on Nov 15 2000
