How does Microsoft Remote Desktop Manager encrypt passwords?

When storing connection passwords, MS RDP provides the ability to store the password as either clear text or to encrypt it.

Thr resulting node in the file looks like

<logonCredentials inherit="None">
   <userName>USER</userName>
   <domain>DOMAIN</domain>
   <password storeAsClearText="False">AQAdERjHoAwE/Cl+sBAAAA(...)zh</password>
</logonCredentials>

I'm wondering how secure is that encryption, and if the file can be shared among coworkers without someone being able to easily guess the password.

I'm guessing "not much" but I couldn't find exactly how that encrypted chain is generated.

Any idea? Thanks!

Solution 1:

I don't know how the RemoteDesktopManager does it, but I assume it would be the same as how it stores it in a .RDP file.

CryptProtectData which (with the settings they used for RDP) only allows the string to be decrpyted on the same machine as the one that encrypted it due to the fact that it uses the unique ID of the the windows install as part of the encryption processes (the CRYPTPROTECT_LOCAL_MACHINE flag). So yes a attacker could decrypt your password, but they could only do it on the machine that stored the password, they can not do a "offline" attack.

Note this is all for .RDP files. I have no way of knowing if Remote Desktop Manager does the same thing.

Solution 2:

In fact, RDP from RDPMan distinguishes only way to store hash: first stores it in hexadecimal notation, and the second performs Base64 encoding. So after Base64 decoding using utility RDP Password Hasher obtain the original password. But it can crank out only by working on behalf of the user who created the password.