ios mail app password.

Discussion in 'iPad' started by elf69, Oct 16, 2017.

  1. elf69 macrumors 68020

    elf69

    Joined:
    Jun 2, 2016
    Location:
    Cornwall UK
    #1
    I think I known the answer but...

    I have a customer at work with an ipad.
    The mail app works and she can get her emails (yahoo).

    She tried to login via browser and it rejects her password.
    She cannot get recovery code via cell phone as that number is dead.
    In uk if number not used for 6 months they cancel it, it got canceled as they did not know of the time limit.

    Can I get password out the app?
    I highly doubt it...
     
  2. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #2
    No of course not, that would represent a huge security vulnerability.
     
  3. elf69 thread starter macrumors 68020

    elf69

    Joined:
    Jun 2, 2016
    Location:
    Cornwall UK
    #3
    That's my thoughts on subject.

    They are SOL then.
     
  4. ventmore macrumors 6502a

    Joined:
    Jul 13, 2008
    #4
    Could you maybe enable iCloud Keychain on the iPad and a Mac to sync them up, then find the password using the keychain access app on the Mac?
     
  5. elf69 thread starter macrumors 68020

    elf69

    Joined:
    Jun 2, 2016
    Location:
    Cornwall UK
    #5
    how would I do this please?

    only mac available is my own work machine.
    would I need create new user with same apple id as the ipad?
     
  6. ventmore macrumors 6502a

    Joined:
    Jul 13, 2008
    #6
    I don’t use iCloud Keychain, but it seems that if you turn it on and get it syncing to a Mac, you should be able to view the contents of the iCloud Keychain from there.

    Someone may be able to chime in and say if this would work, or if I’m just full of it! :)

    AFAIK, yes you would need a user signed in with the same Apple ID as the iPad to get iCloud Keychain setup.
    --- Post Merged, Oct 16, 2017 ---
    The other way would be to use something like SSLsplit to intercept and decrypt the password.

    https://blog.heckel.xyz/2013/08/04/use-sslsplit-to-transparently-sniff-tls-ssl-connections/

    I’ve successfully used this to retrieve a gmail password for a friend before. It was a good few years ago though, so I couldn’t detail the steps I’m afraid. I just used a tutorial at the time.
     
  7. elf69 thread starter macrumors 68020

    elf69

    Joined:
    Jun 2, 2016
    Location:
    Cornwall UK
  8. akash.nu macrumors 604

    akash.nu

    Joined:
    May 26, 2016
    #8
    The keychain will not show passwords for the mail app. Only if the password was stored in the keychain via browser then it can be found.
     
  9. ventmore macrumors 6502a

    Joined:
    Jul 13, 2008
    #9
    Sorry for the false hope then......I figured they’d be stored in iCloud Keychain for syncing across devices.

    They must only be stored in a local Keychain then are they?

    Looks like you may need to go the SSLsplit route. :)
    --- Post Merged, Oct 16, 2017 ---
    Are you absolutely sure it doesn’t sync mail passwords. A quick google brought this up:

    E42040BD-B268-4316-9ECA-AE2A4BE49230.jpeg
     
  10. akash.nu macrumors 604

    akash.nu

    Joined:
    May 26, 2016
    #10
    It syncs the passwords but they’re stored in hashed alphanumeric form. So you can’t actually see them in plain text.
     
  11. ventmore macrumors 6502a

    Joined:
    Jul 13, 2008
    #11
    A hashed password would be useless. Keychain would need to store the actual password to allow the device to login to a service.
     
  12. akash.nu macrumors 604

    akash.nu

    Joined:
    May 26, 2016
    #12
    I’m guessing the mail app signs in and stores the auth code in the keychain. To be honest I always have to sign in to the accounts manually when I setup a new device.
     
  13. ventmore macrumors 6502a

    Joined:
    Jul 13, 2008
    #13
    Ah...ok......so it stores a token rather than the password. Makes more sense now, thanks! :)

    I’m sure my Keychain used to (don’t use mail on a Mac ATM) store my actual passwords, but they were for my own domain...not yahoo/google etc.

    @elf69
    Sorry to lead you down the wrong path mate. Definitely give SSLsplit a try though. :)
     

Share This Page

12 October 16, 2017