The new version of WebBrowserPassView utility (v1.40) has the ability to extract the passwords stored by Internet Explorer 10.0
You might think that I added only one feature for this new release, but I actually added 2 features: one for supporting Internet Explorer 10.0 on Windows 8 and the other to support Internet Explorer 10.0 on Windows 7.
That’s because IE10 stores the passwords in completely 2 different ways. On Windows 7, it still stores the passwords like the previous versions of IE, under the following Registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
The passwords under this Registry key are encrypted with the URL string and thus WebBrowserPassView needs to scan the browsing history of IE to decrypt these passwords. Due to the changes on IE10, WebBrowserPassView failed to read the IE history and thus it also failed to get the passwords. The new version of WebBrowserPassView reads the history of IE10 properly and thus the password decryption process also works properly.
On IE10 under Windows 8 it’s a completely different story: The passwords are now stored inside the ‘Windows Vault’, located in the file system under C:\Users\[User Name]\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
WebBrowserPassView extracts these passwords by using the undocumented Credential Vault Client Library (vaultcli.dll)
The support for IE10 passwords is also added to the Password Security Scanner tool, and soon it’ll also be added to the IE PassView utility.