• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 10071
  • Last Modified:

Is CryptnetURL Cache a Security Vulnerability?

I was doing a little research into a certain set of "hidden" folders (hidden by default), and I wanted to get more information on their function, as well as whether or not they pose a security threat.

The hidden files on Windows 7 are located as follows (for those who don't already know):

C:>Users>(your user profile name)>AppData>LocalLow>Microsoft>CryptnetURLCache

Inside this folder are two subfolders, called "Content" and "MetaData"


Upon researching and Googling, I came across all kinds of contradictory and inconclusive information regarding their purpose.

- Are these folders a permanent (or even temporary) record of a user's search history / web activity?
- If these contain a record of surf activities, would they be touched by most "surfing trace cleaner" utilities?
- If these files are not deleted by most "surfing trace cleaner" type utilities, then can they/should they be modified manually?
- Why is the content encrypted, and how & when is the content decrypted?
- What is the primary function and purpose of this kind of encrypted, hidden (by default) folder?
- Do these encrypted and hidden folders pose a potential security threat to users?

Many millions of people worldwide use surf trace history utilities, designed to erase their recent searches, as well as their URL histories.   It would be very good to know if an entirely separate database exists which completely avoids deletion (and thus making these utilities almost pointless, or at the very least futile).
0
Tony_the_PC-Tuner
Asked:
Tony_the_PC-Tuner
  • 2
1 Solution
 
Jackie ManCommented:
- Are these folders a permanent (or even temporary) record of a user's search history / web activity?
NO, these folders store the URL which are accessed via SSL (NOT a user's search history or web activity.  By default, the OS is pre-installed with a number of SSL URL for a number of Intermediate and Trusted Root Certification Authorities for performing SECURED web activity for Internet Explorer or Google Chrome only.  The user can add new URL when visits have been made to a website via SSL and such URL is not included in the corresponding URLS for Intermediate and Trusted Root Certification Authorities.

- If these contain a record of surf activities, would they be touched by most "surfing trace cleaner" utilities?
NO, they cannot be be touched by most "surfing trace cleaner" utilities.

- If these files are not deleted by most "surfing trace cleaner" type utilities, then can they/should they be modified manually?
Unless you DO NOT want to visit any web site via SSL, you can remove all content inside the sub-folders of subfolders of "Content" and "MetaData".

- Why is the content encrypted, and how & when is the content decrypted?
It is difficult to explain as it is a kind of browser behavior. CryptnetURL is only valid for Internet Explorer or Google Chrome.  Please visit the URL below to get a brief understanding. http://www.f5.com/pdf/white-papers/browser-behavior-wp.pdf 

- What is the primary function and purpose of this kind of encrypted, hidden (by default) folder?
As explained earlier, it is just how Internet Explorer or Google Chrome works on SSL URLs.  Being hidden is to avoid accidental deletion by normal users just like other system files.

- Do these encrypted and hidden folders pose a potential security threat to users?
NO
0
 
Tony_the_PC-TunerAuthor Commented:
Wow, fantastic answers.  Thanks, jackieman.  I appreciate the detailed response, as well as the link.

Especially interesting to note that this only functions with IE and Google Chrome, but not other browsers.
0
 
Jackie ManCommented:
Glad to know your feedback. IE and Google Chrome makes use of the same settings in Internet Options in Control Panel so that what you change in Internet Options will be effective in Google Chrome also.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now