I'm not sure this is factually accurate. Before the 2014 patch, cleartext password will be stored in LSASS for interactive logon sessions unless explicitly disabled. By default Vista, 7, 2008, 2008R2 and 2012 all stored plaintext credentials in LSASS until KB2871997 when this was disabled by Microsoft, but that still doesn't remove plaintext credentials from WDigest according to their own patch overview ( http://blogs.technet.com/b/srd/archive/2014/06/05/an-overview-of-kb2871997.aspx ). I don't know about Kerberos but it certainly used to be the case that it also required plaintext storing of credentials in-memory for ticket generation
My understanding is that the cleartext passwords are stored encrypted and in-memory via SSP, historically for numerous supported authentication methods but these days pretty much solely for WDigest. The encryption is done via the LSAProtectMemory function, which can simply be reversed via (ab)use of the LSAUnprotectMemory function. There are several tools publicly available that do this, including WCE and Mimikatz.