I am performing some comparison among remote management tools based on Windows platform. In particular I am evaulating the security aspects of such software. By using some tracing systems I was able to detect the Registry Hive where TeamViewer stores the permanent password for unattended access and the optional passwords for remote access (Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer: MultiPwdMgmtPwdData).
Now, I would like to understand what is the security process adopted by Teamviewer when dealing with password storage and protection. Within the registry key Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TeamViewer there are a number of keys. Here some questions:
Finally, in case I wanted to replace my old permanent password directly on the registry, what would be the operations that should I execute? I would guess: DPAPI_Protect(HASH(clearPassword))).
Thank you for your post.
Unfortunately, we are unable to provide some of the information you requested as this information is sensitive to the security of our software.
We can however provide you with some comments that should address your questions:
In regards to your final point, the software will not allow you to change the password with a reg key change or script.
It is only possible to set a password either in the software itself, or by using the import function of a reg file that was created by the TeamViewer export function, external scripts are not possible.
The import/export function can be found in the software under advanced.
I hope this answers this for you.