The Protected Store is a storage facility provided as part of Microsoft CryptoAPI. It's primarily use is to securely store private keys that have been issued to a user. All of the information in the Protected Store is encrypted, using a key that is derived from the user's logon password. Access to the information is tightly regulated so that only the owner of the material can access it.
Many Windows applications use this feature; Internet Explorer, Outlook and Outlook Express for example store user names and passwords using this service.
Credentials are stored in the registry under the key
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\
which is the base key for the service.
This feature enumerates those entries and decodes the following type of credentials:
- MS Outlook 2002's passwords(POP3, SMTP, IMAP, HTTP)
- Outlook Express's passwords(POP3, NNTP, SMTP, IMAP, HTTP, LDAP, HTTP-Mail)
- Outlook Express Identities
- MS Outlook's passwords (POP3, NNTP, SMTP, IMAP, LDAP, HTTP-Mail)
- MSN Explorer's Sign In passwords
- MSN Explorer's Auto Complete passwords
- Internet Explorer's protected sites passwords
- Internet Explorer's Auto complete passwords
To dump the content of the store you can press the "Insert" button on the keyboard or click the icon with the blue + on the toolbar. The Protected Storage Password Manager also lets you remove unwanted/forgotten cached passwords in a simple way: just right click on the resource in the list and choose remove from the pop up menu.