tl;dr: When you open a password-protected zip archive using Windows Explorer in Windows 8.x/10, the password is automatically cached in the Credential Manager for the life of the logon session.
This doesn’t apply in earlier Windows versions, at least not by default, and it is apparently a ‘feature’ that aims to favor usability. In a few words: “if you have once opened a protected zip archive using Windows Explorer, then what the hell… let me cache that password for you so you don’t need to enter it again during that logon session”. Holy crap!!!
If you share the same account on a Windows host with those versions of the OS installed and you open password-protected zip archives with (…ahem) sensitive data using Windows Explorer, then rest assured that if you don’t log off, anyone using your computer can easily get those passwords. So you are basically fucked!
If you are an ethical hacker and you just gained access to a host running Windows 8.x/10, then you might get really lucky since people love re-using the same passwords for different things.
So they are basically fucked!
The code to do this is ridiculously simple as well…