{"id":110308,"date":"2024-09-24T07:00:00","date_gmt":"2024-09-24T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=110308"},"modified":"2024-09-24T10:16:20","modified_gmt":"2024-09-24T17:16:20","slug":"20240924-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20240924-00\/?p=110308","title":{"rendered":"The UserConsentVerifier confirms that the user is there, but it doesn&#8217;t protect any data"},"content":{"rendered":"<p>The <code>User\u00adConsent\u00adVerifier<\/code> Windows Runtime class lets you display the Windows Hello authentication prompt (PIN, fingerprint, or face) to confirm the identity of the user sitting at the computer. Programs like Web browsers often use it before doing things like revealing cached passwords.<\/p>\n<p>The <code>User\u00adConsent\u00adVerifier<\/code> does not actually protect any data. Its purpose is to confirm that the correct user is still there, and that it&#8217;s not just somebody who randomly walked up to an unlocked computer.<\/p>\n<p>You see, the Web browser <i>already has your password<\/i>. When you go to a Web page, the Web browser already autofilled your password without asking you to go through the <code>User\u00adConsent\u00adVerifier<\/code>. Clearly it knows your password already because it filled it in!<\/p>\n<p>The purpose of the <code>User\u00adConsent\u00adVerifier<\/code> prompt is not to grant the program permission to access the password. It already has that. The purpose of the prompt is to grant the program permission to <i>reveal the password<\/i> on screen.<\/p>\n<p>The decision to protect the reveal with a <code>User\u00adConsent\u00adVerifier<\/code> is that of the program&#8217;s developer. In an alternate universe, the program&#8217;s developer might have decided, &#8220;You know what? I&#8217;ll reveal your password to anybody.&#8221; But in this universe, the program&#8217;s developer said, &#8220;You know what? Users might get creeped out if I just reveal their password at the drop of a hat. Let me show a good faith effort to protect it.&#8221;<\/p>\n<p>If you assume that the Web browser itself may have been compromised, then this prompt protects nothing, because the code that compromised the Web browser can just extract the password from the Web browser directly. Or it can patch the program so it just skips the call to the <code>User\u00adConsent\u00adVerifier<\/code> entirely, or ignores the result: all the program gets back from the call is a status code saying whether the user passed the prompt, not a key or a secret.<\/p>\n<p>Note that the class name is the &#8220;user consent verifier&#8221;: Its job is to confirm that the user gave consent for an action. It doesn&#8217;t actually protect the action.<\/p>\n<p><b>Bonus chatter<\/b>: Note that the user consent verifier shows the same prompt as Windows Hello, but when Windows Hello is used for signing in (or by a program through <code>Key\u00adCredential\u00adManager<\/code>), it actually does something! A successful verification unlocks a private key stored in the TPM (when the device has one), and the result is a signature that the relying party can verify, rather than a status code the program is free to ignore.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Is that really you?<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[26],"class_list":["post-110308","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-other"],"acf":[],"blog_post_summary":"<p>Is that really you?<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/110308","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=110308"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/110308\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=110308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=110308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=110308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
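Added example (my own C# sketch, not code from the post or from any Microsoft product) of the two sides of the distinction the post draws. `PasswordReveal` gates a reveal button with `UserConsentVerifier` the way a browser might: the secret is already in memory, the prompt returns only an enum, and the "protection" is a branch in the program's own code that a patched binary can skip or ignore. `HelloKeyDemo` contrasts that with Windows Hello through `KeyCredentialManager`, where passing the prompt releases a private key (TPM-backed when the device has one) and the output is a signature a separate relying party can verify. Assumptions: a packaged UWP/WinUI app with the Windows SDK projections (a classic Win32 process would attach an owner window through the `IUserConsentVerifierInterop` interface instead, not shown); the cached password, credential name and challenge are constructed sample values.

```csharp
// Added example, not from the post. Assumes a packaged UWP/WinUI app with the
// Windows SDK projections. Names and sample values below are invented.
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;        // KeyCredentialManager, KeyCredential
using Windows.Security.Credentials.UI;     // UserConsentVerifier
using Windows.Security.Cryptography;       // CryptographicBuffer
using Windows.Storage.Streams;             // IBuffer

public static class PasswordReveal
{
    // The program already holds the secret: autofill uses it with no prompt.
    // Constructed sample value; a real browser loads this from its own store.
    private const string CachedPassword = "correct horse battery staple";

    // Autofill path: no UserConsentVerifier involved, the secret is just used.
    public static string AutofillPassword() => CachedPassword;

    // Reveal path: the "protection" is the if-statement below. The verifier
    // hands back an enum, never a key, so the gate lives entirely in our code.
    public static async Task<string> RevealPasswordAsync()
    {
        var availability = await UserConsentVerifier.CheckAvailabilityAsync();
        if (availability != UserConsentVerifierAvailability.Available)
        {
            // No Hello device, user not enrolled, or disabled by policy.
            // The developer chooses the fallback; here we fail closed.
            return null;
        }

        UserConsentVerificationResult result =
            await UserConsentVerifier.RequestVerificationAsync(
                "Confirm it's you before the saved password is shown.");

        // All we learned is a status. A patched binary can replace this
        // comparison with "true" and lose nothing, because the secret was
        // in CachedPassword the whole time.
        return result == UserConsentVerificationResult.Verified
            ? CachedPassword
            : null;
    }
}

public static class HelloKeyDemo
{
    private const string CredentialName = "example-app-hello-key"; // invented

    // Contrast: Windows Hello via KeyCredentialManager gates a private key
    // that the program never sees. Passing the prompt yields a signature over
    // a caller-supplied challenge; a relying party that holds the public key
    // from enrollment can verify it, and no patch to this program can forge it.
    public static async Task<byte[]> SignChallengeAsync(byte[] challenge)
    {
        if (!await KeyCredentialManager.IsSupportedAsync())
            return null;                              // no Hello on this device

        KeyCredential credential;
        KeyCredentialRetrievalResult open = await KeyCredentialManager.OpenAsync(CredentialName);
        if (open.Status == KeyCredentialStatus.Success)
        {
            credential = open.Credential;             // previously enrolled
        }
        else
        {
            // First use: enrollment also shows the Hello prompt.
            KeyCredentialRetrievalResult create = await KeyCredentialManager.RequestCreateAsync(
                CredentialName, KeyCredentialCreationOption.ReplaceExisting);
            if (create.Status != KeyCredentialStatus.Success)
                return null;
            credential = create.Credential;
        }

        IBuffer data = CryptographicBuffer.CreateFromByteArray(challenge);
        KeyCredentialOperationResult signed = await credential.RequestSignAsync(data);
        if (signed.Status != KeyCredentialStatus.Success)
            return null;                              // cancelled, busy, etc.

        CryptographicBuffer.CopyToByteArray(signed.Result, out byte[] signature);
        return signature;
    }

    // Exported once at enrollment and handed to the relying party, which is
    // the only place where checking the signature means anything.
    public static byte[] EnrolledPublicKey(KeyCredential credential)
    {
        CryptographicBuffer.CopyToByteArray(credential.RetrievePublicKey(), out byte[] key);
        return key;
    }
}
```

The contrast only helps when the party checking the signature is not the program showing the prompt. If the same binary both requests the signature and decides whether it was valid, a patched binary can skip that check just as easily as it can skip the `UserConsentVerifier` call; this is why Hello sign-in and FIDO-style flows send the signature to a separate verifier holding the enrolled public key. Also note that `RevealPasswordAsync` returns `null` for every non-`Verified` status, including `Canceled` and `RetriesExhausted`, so the caller cannot mistake a dismissed prompt for consent.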