Enpass Discussion Forum

rand477

  1. Hello @Amandeep Kumar, Thanks for your message. Version is 6.9.2.1563-1 running on Fedora 39. To be honest with you, I am in the process of testing alternatives to Enpass and will switch as soon as I have found the one that best fits my model. In addition to my own experience, browsing through the forum reinforced my opinion that reactivity is very slow. I agree that this thread has only been open for slightly over two months now, but what I see is that I had to reach out three times within these two months to finally get a reply asking me for a version - which I assume means that the problem wasn't even looked into yet. I obviously tried fixing the permissions myself - which causes Enpass to not start anymore and raised additional concerns. It is my belief that the default permissions mentioned above constitute a serious security concern. Has the Linux version of Enpass ever been audited? Many thanks for your help.
  2. Hello, It has been over a couple of months now and I am surprised about the absence of any reaction on this. To recap: I deliberately excluded the 21 other files flagged for the same reason as they are mostly icons and not relevant despite showing up in the audit. I am concerned about such loose permissions by default - world readable / writable / executable on binaries and world readable / writable on a config file. The audit did not reveal any other app with similar issues - system wide. Am I the only one to see this as unnecessary and risky practices, especially for an app dealing with sensitive data?
  3. ... bump? It has been over three weeks and 100 reads, yet no answer. Is it time to move to a competitor that is reactive about what can be a serious security issue?
  4. A CSV file being a comma-separated plain-text file, most likely it just can't include attachments. I bet it could however contain a text reference to the attachment such as the filename, which could be limited and potentially confusing if you had different attachments with the same name. Depending on what you are trying to do, there might be another export format or sync process that could be more adapted to your case. That is just my two cents and I hope you will have a more developed answer with a helpful solution.
  5. Hello, While doing a security audit, I noticed that Enpass raised a few red flags on Fedora 39 because of very loose permissions set by default. While that isn't an issue for most of the files (among which many icons), I am more concerned to see default 777 permissions on the binaries for the importer, the wifi sync server and the Enpass app itself, or even 666 permissions on qt.conf. I was wondering about the need for such permissive defaults on an app designed to hold sensitive information? Many thanks for your help.
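
An added example, not part of the posts above and not Enpass code: a Python audit that lists world-writable regular files under a directory and ranks them the way the posts do (executables first, a config file next, icons last). The severity labels, the icon extension list and the sample tree with its file names are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: extensions treated as low-risk assets (the posts call icons "not relevant").
ICON_EXTENSIONS = {".png", ".svg", ".ico"}
ANY_EXEC = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def audit_tree(root):
    """Return sorted (relative path, octal mode, severity) for world-writable files."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            mode = stat.S_IMODE(st.st_mode)
            if not mode & stat.S_IWOTH:
                continue  # not writable by "other": out of scope for this check
            if mode & ANY_EXEC:
                severity = "high"    # any local user can replace code others run
            elif os.path.splitext(name)[1].lower() in ICON_EXTENSIONS:
                severity = "low"
            else:
                severity = "medium"  # e.g. a config file any user can rewrite
            findings.append((os.path.relpath(path, root), format(mode, "03o"), severity))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample install tree; file names and modes are illustrative."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    for name, mode in [("app", 0o777), ("qt.conf", 0o666),
                       ("icon.png", 0o666), ("lib.so", 0o755)]:
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # chmod ignores umask, so the mode is exact
    return root


if __name__ == "__main__":
    for rel, mode, severity in audit_tree(build_sample_tree()):
        print(f"{severity:6} {mode} {rel}")
```

To audit a real installation, pass its directory to `audit_tree()` instead of the sample tree.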