Password Depot uses the Windows Credential Manager and cmdkey.exe to automate RDP connections, ensuring that user credentials are temporarily stored and securely managed.
Why RDP connections fail if passwords contain double quotes
RDP connections do not work with double quotes (") in passwords due to the way Windows handles command-line parsing and password processing in conjunction with the Windows Credential Manager.
Limitations of Credential Manager and Command-Line Parsing
When the cmdkey.exe tool (or any other method of saving credentials via the command line) is used to pass a password containing double quotes, the command-line parser interprets the double quotes as special characters intended to enclose strings. The password can then be misinterpreted, resulting in incorrect credential handling. Unlike most special characters, which can be escaped (e.g., using backslashes), double quotes cannot be reliably escaped in this scenario.
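The parsing problem described above, as an added example (not Password Depot's or Microsoft's code): it splits a command line using a simplified form of the Microsoft C runtime argument rules, which cmdkey.exe is assumed, not confirmed, to follow, and checks whether a password wrapped in plain double quotes reaches the program unchanged. The function names and sample passwords are constructed for illustration.

```python
SAMPLES = ['Summer2024!', 'pa"ss', 'p"w d']  # constructed sample passwords

def split_args(cmdline: str) -> list[str]:
    """Split per simplified MS C runtime argv rules (assumed, not cmdkey's confirmed parser)."""
    args, cur, in_quotes, have_arg = [], [], False, False
    i, n = 0, len(cmdline)
    while i < n:
        ch = cmdline[i]
        if ch == "\\":
            # Count the run of backslashes; they are special only before a quote.
            j = i
            while j < n and cmdline[j] == "\\":
                j += 1
            run = j - i
            if j < n and cmdline[j] == '"':
                cur.append("\\" * (run // 2))
                if run % 2:      # odd run: the quote is a literal character
                    cur.append('"')
                else:            # even run: the quote toggles quoting
                    in_quotes = not in_quotes
                i = j + 1
            else:
                cur.append("\\" * run)
                i = j
            have_arg = True
        elif ch == '"':
            # A bare quote is consumed as a delimiter and never reaches the program.
            in_quotes = not in_quotes
            have_arg = True
            i += 1
        elif ch in " \t" and not in_quotes:
            if have_arg:
                args.append("".join(cur))
            cur, have_arg = [], False
            i += 1
        else:
            cur.append(ch)
            have_arg = True
            i += 1
    if have_arg:
        args.append("".join(cur))
    return args

def naive_pass_arg(password: str) -> list[str]:
    """Arguments the program sees when the password is wrapped in plain quotes."""
    return split_args(f'/pass:"{password}"')

def round_trips(password: str) -> bool:
    """True if the parsed argument still carries the exact password."""
    return naive_pass_arg(password) == [f"/pass:{password}"]
```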
While Microsoft has not explicitly documented the limitation regarding double quotes in RDP passwords, this restriction may stem from security considerations related to command inputs or handling complex password characters. By preventing the use of double quotes, the risk of potential exploits due to improper parsing is minimized, enhancing overall security.
Solution:
It is recommended to avoid using double quotes (") in RDP passwords. This character cannot be reliably escaped or processed, and its inclusion will cause the RDP connection to fail.