Index: /trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredProvCredential.cpp
===================================================================
--- /trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredProvCredential.cpp	(revision 68073)
+++ /trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredProvCredential.cpp	(revision 68074)
@@ -427,5 +427,5 @@
     {
         /* First, wipe the existing value thoroughly. */
-        RTMemWipeThoroughly(pwszField, RTUtf16Len(pwszField) * sizeof(RTUTF16), 3 /* cPasses */);
+        RTMemWipeThoroughly(pwszField, (RTUtf16Len(pwszField) + 1) * sizeof(RTUTF16), 3 /* Passes */);
 
         /* Second, free the string. */
@@ -526,5 +526,5 @@
                                 pwszUser, pwszAcount);
 
-            RTMemWipeThoroughly(pwszUser, RTUtf16Len(pwszUser) + sizeof(RTUTF16), 3 /* Passes */);
+            RTMemWipeThoroughly(pwszUser, (RTUtf16Len(pwszUser) + 1) * sizeof(RTUTF16), 3 /* Passes */);
             RTUtf16Free(pwszUser);
 
@@ -544,5 +544,5 @@
                 if (pwszUser)
                 {
-                    RTMemWipeThoroughly(pwszUser, RTUtf16Len(pwszUser) + sizeof(RTUTF16), 3 /* Passes */);
+                    RTMemWipeThoroughly(pwszUser, (RTUtf16Len(pwszUser) + 1) * sizeof(RTUTF16), 3 /* Passes */);
                     RTUtf16Free(pwszUser);
                 }
@@ -552,5 +552,5 @@
                 if (pwszDomain)
                 {
-                    RTMemWipeThoroughly(pwszDomain, RTUtf16Len(pwszDomain) + sizeof(RTUTF16), 3 /* Passes */);
+                    RTMemWipeThoroughly(pwszDomain, (RTUtf16Len(pwszDomain) + 1) * sizeof(RTUTF16), 3 /* Passes */);
                     RTUtf16Free(pwszDomain);
                 }