Hard fork of AdysTech / CredentialManager -- v3.0.0

[shakeyourbunny]

Maintained fork available: https://github.com/shakeyourbunny/CredentialManager

This fork addresses several security and correctness issues found in a code audit:

• BinaryFormatter replaced with System.Text.Json — BinaryFormatter is deprecated (SYSLIB0011) and vulnerable to arbitrary code execution (CWE-502)
• Persistence no longer hardcoded to Enterprise — credentials are no longer silently synced to domain controllers (fixes Unable to set persistence when saving credentials #69)
• JIT-safe memory zeroing — credential buffers are zeroed via RtlZeroMemory P/Invoke before CredFree()
• P/Invoke fixes — missing SetLastError, corrected buffer sizes

Also modernized: targets .NET 8.0 + .NET Standard 2.0, C# 12, nullable annotations, i18n (en/de/fr/es/it). Full audit findings in
https://github.com/shakeyourbunny/CredentialManager/blob/master/CHANGELOG.md.

NuGet: shakeyourbunny.CredentialManager (MIT, upstream attribution preserved)

[mvadu]

Thank you for the interest and effort put in @shakeyourbunny . Looking at the code, given you have changes the namespace I am assuming you are not planning to send a PR? do you mind I take those changes into main repo?

[stmax82]

Thank you for the interest and effort put in @shakeyourbunny . Looking at the code, given you have changes the namespace I am assuming you are not planning to send a PR? do you mind I take those changes into main repo?

+1 @mvadu an update of the main repo would be great, thanks!

[shakeyourbunny]

Thank you for the interest and effort put in @shakeyourbunny . Looking at the code, given you have changes the namespace I am assuming you are not planning to send a PR? do you mind I take those changes into main repo?

Well, I thought, the project was dead and unmaintained; but if you wish I can refashion it to go back to your namespace? I was not really keen to sever ties, nor really much maintain it after my use of the library, so I don't have issues merging back.

I think I'll do a branch of my code and refashion it for merging back the code, the documentation, the tests etc?

@mvadu what do you think?

[mvadu]

Well, I thought, the project was dead and unmaintained; but if you wish I can refashion it to go back to your namespace? I was not really keen to sever ties, nor really much maintain it after my use of the library, so I don't have issues merging back.

I think I'll do a branch of my code and refashion it for merging back the code, the documentation, the tests etc?

@mvadu what do you think?

hey, life happened man! once most of the stuff I needed were implemented the library was kind of working, then I kind of got busy and couldn't get the timely .Net versions updated. I really really appreciate if you send the PR, and I can be more prudent on keeping it up to date going forward (AI is a thing now, which can help)

[shakeyourbunny]

Hi, as you already noticed, this is the refashioned version, so it can be used in your project: #72

If that gets through, I'll put a notice on my hard fork to use the upstream version instead and archive the project.

[mvadu]

Fixed in #72, https://www.nuget.org/packages/AdysTech.CredentialManager/3.1.0 is now live