An anonymous reader writes "Passcape Software has discovered a DPAPI vulnerability that could potentially lead to unauthorized decryption of personal data and passwords of interactive domain users. The vulnerability is present in all Windows Server operating systems. DPAPI, first introduced in Windows 2000, is a technology to protect user and application data on the computer. DPAPI on later operating systems including Windows 2003, Windows Server 2008, and Windows Server 2012 while modified is still compatible with that of Windows 2K. Normally, the API encrypts data using the Master Key derived from the user logon password. However, under certain conditions user data can be decrypted without knowing the corresponding logon password."