POP3/IMAP password encoding

C

Cristian Iorga

Hi everyone,

I'm trying to develop a tool that setups ready to be used MAPI profiles for
Outlook 2k/XP/2k3. The only problem left is setting up the password for the
transport providers. I couldn't find any properties, procedures or
workaround for this, so the question would be if anyone knows any
programmatic way to setup the POP3/IMAP password using MAPI for the
transport provider?


Another method to setup the password seem to be by encoding the data
directly into the registry (can have a look at
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
Messaging
Subsystem\Profiles\%profile_name%\9375CFF0413111d3B88A00104B2A6676\00000002\POP3
Password) but I couldn't find any documentation/information of how Outlook
encodes the password. It seems to be encoded using CryptoAPI provided by the
operation system, but starting with Outlook 2000, each Outlook version
installs another Cryptographic Service Provider (ExchCSP.dll). The question
would be if you have anyone has any information/idea if Outlook is using
EschCSP or CryptoAPI alone to encode/decode the password. Also, does anyone
know the encoding algorithm used from CSP and/or password used to encode the
data?


Other methods tested on to setup the password that didn't worked were by
using .prf files imported into Outlook (no way to setup account password),
using Microsoft provided tools to create profiles (only creates services and
providers, bot accounts).


Thank you!


Best regards,

~Cristian
 
S

Sue Mosher [MVP-Outlook]

AFAIK, it is not possible to set mail account passwords programmatically.
 
C

Cristian Iorga

But there are methods to decode the password progammatically because Outlook
does it and that's enough for me. Hack or not, there is a way to do it.

Please see Mail PassView - http://www.nirsoft.net/utils/mailpv.html. It
decodes the password. So, it must be a way to encode it back. Also, products
like ProfileMaker from AutoProf (recently know as DesktopStandard
Corporation - http://www.desktopstandard.com) does just that.

Regards,
~Cristian
 
J

Jason

Cristian Iorga said:
But there are methods to decode the password progammatically because
Outlook does it and that's enough for me. Hack or not, there is a way to
do it.

Please see Mail PassView - http://www.nirsoft.net/utils/mailpv.html. It
decodes the password. So, it must be a way to encode it back. Also,
products like ProfileMaker from AutoProf (recently know as DesktopStandard
Corporation - http://www.desktopstandard.com) does just that.

If you are a known and large company you can pay Microsoft
a small fortune and get access to do things like ProfileMaker is.
You probably don't qualify....
 
J

Jim Vierra

I think you will find that it is one of the encryption formats like MD5 or
DES possibly from the crypto API. I would try looking at this to see if I
could generat a password that matches the one done by Outlook. The problem
will be the seed if one is used.
 
P

Peter Huang [MSFT]

Hi

I reviewed the thread and find that there is a similar issue in the
newsgroup below.Now I have replied to you, you may go and take a look.
Subject: Re: POP3/IMAP password encoding
Newsgroups: microsoft.public.office.developer.office.sdks

Best regards,

Perter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
J

Jim Vierra

Thanks Peter. The only problem is that the other thread ahas multiple post
addresses and I always forget to delete them when I reply. Someone should
turn of the multple posts on this server.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top