Jump to content
Enpass Discussion Forum

Vinod Kumar

Enpass team member
  • Posts

  • Joined

  • Days Won


Everything posted by Vinod Kumar

  1. Hi @qalisto, Thanks for bringing this up. With our current portable offering, situation is no better than what has been reported in said news article. While the master password is correctly wiped but other credentials do show up in memory. Blame the old architecture and choices we have made in past. In an ideal world, we would have released portable version alongwith regular version of Enpass 6. Due to resource constraints, we were unable to do so. Good news is that, portable version has been merged with latest stable version and QA has been started. Thanks.
  2. Hi @Phylum, Sorry for the late response. Let me assert that, severity of this kind of attack is low, given the nature of the permissions, attacker requires to exploit it. This attack is only possible on a compromised system where an arbitrary process can read other process' memory and process memory protection is operating system's responsibility. A password manager or another user-space process can't defend against such attacks. However, we have taken some steps to mitigate this kind of attack. This was one of the reasons to rewrite Enpass 6 entirely with a new, robust architecture. Please check the Security Audit report where this issue appeared and resolution was provided by us (page 5). Enpass is composed of two parts, Core and UI. The Core part is entirely in C++ and we have done extensive memory sanitization there. Almost always, UI part is responsible for leaking secrets because once an item is displayed in UI, we don't have control over its internal UI buffers. We have to depend upon garbage collector of framework/language to finish the work. One possible solution is to create custom controls for everything related to password and here is what we have done in various scenarios: Master password is always scrubbed just after unlocking your database or usage on any other screen. Our custom editor control for master password input ensures this. You will almost never find a trace of master password in memory. Only the password, you are currently interacting is loaded into memory and scrubbed after its usage. The UI control to view a password is a custom control. Editing passwords - This is the only time we use stock UI control to edit item password. For better user experience, we are not using the same custom control we use for master password. This password may or may not be found in the dump depending upon when it was freed by framework. Security is an ongoing process and we continuously improving our software in every aspect, memory sanitization being one of them. We are working on bringing in custom controls in more leakage points. Thanks.
  3. @balticsailor Next update should fix this. Beta is already out.
  4. Hi @EdF, Sorry for trouble. Please let me know the version of Enpass you currently have. You can get it from Help->About. Thanks.
  5. Hi @jibba, These files are not meant to be restore directly but here is a workaround. Take backup of your current Enpass. Uninstall and install again from windows store. Create a new vault with any password. Goto Settings->Advance Settings->Click on your data location. This data location will be having a vault.enpassdb and vault.json. Quit Enpass and replace these two files with files you want to restore. Restart Enpass and you should be able to login into restored vault. Cheers.
  6. Hi all, Sorry for inconvenience. This error means unauthorized access error from OneDrive. Somehow authorization token for OneDrive is revoked. Are you changing/adjusting your system time manually? Is it happening on your other devices too? A quick fix is to disconnect and sync again. Thanks.
  7. Hi @servilianus, I have filed a bug report. We will release a fix soon. Thanks.
  8. Hi @Dentonthebear, Sorry for late reply. We have no restriction on size when you choose custom icon. We resize an provided image to 200x200 pixels, after resizing if its size is less than 100KB, it is used as custom icon otherwise not. So, a Custom icon with 200X200 pixel and less than 100KB will always be accepted. Also, favicon support is coming soon and it will save your time from adding custom icon for every website. Thanks.
  9. Hi @Jay Mobile, There is an option to add "Software License" in Enpass under "License" category. Go to Add(+)->License->Software License. Thanks.
  10. Hi @kkupe, Sorry for inconvenience. The reason could be items does not have URLs fields or wrongly imported. Please let me know the 1Password version & format you have exported the file. Thanks.
  11. Hi @thepisu, Thanks for reporting the bug. It is already in our bug list and fix will be available in subsequent release. Thanks.
  12. @kennyeastmids Sorry. Updated the previous post.
  13. Hi @BioDave1955, Sorry for trouble. I can see two issues here. 1. Toolbar icons are not showing properly -> We are still investigating the issue. 2. Custom fields -> Did all of your custom fields disappeared? Can you give us some idea when did you added custom fields and in which version of Enpass? Thanks.
  14. Hi @Seger, The account/url provided by you is not mountable in any explorer i.e. Finder (Mac), Nautilus(Linux) or Windows Explorer. Because the url you provided is taking to web service login page. Either the WebDAV is not configured properly or the demo URL provided is not correct. I have already sent you PM about the problem on Jan 11. Thanks.
  15. Hi @stigvi, Thats true. Attachments are kept in separate files in Enpass 6, they are synchronized only when restored, added or deleted. Cheers:)
  16. Hi @rfflower, Please click on Extensions tab on downloads page on our website. Here is direct link for convenience. https://dl.enpass.io/stable/extensions/firefox/versions/v6.0.0.0-1/enpass-firefox-6.0.0.xpi Thanks.
  17. Hi all, This is certainly a False Positive. We have contacted Cisco Technical Assistance Center to look into it. Thanks.
  18. Hi @Oxymed32, My bad for pointing to wrong link. Currently, macOS Mojave is on 10.14.2. I think beta might be a issue here. Please update your system to latest version and let me know if problem still persists. Thanks.
  19. Hi @kennyeastmids, Sorry for inconvenience. Window 7 -> Please try this FIX and let me know if this works for you. https://www.enpass.io/support/enpass-starts-with-blank-white-screen-on-windows-how-can-i-fix-it/ iPad-> Please wait for next update for iOS 9.3.5 Safari extension related fix. Thanks.
  20. Hi @Harry, Goto Settings->Vaults->Primary->Change password and choose Add KeyFile from Advanced section as shown in screen shot in previous reply. Thanks.
  21. Hi @mato, New Enpass extensions can only be used with v6 because they both App and Extension use different negotiation techniques than v5. So, you can't use v6 extension with v5 app or vice-versa. Functionality wise both are equal. The only pro for v6 is, it is being actively maintained and updated. Thanks.
  22. Hi @rburgst, Filed a bug report for this issue. Thanks.
  23. Hi @OLLI_S, Filed a bug report for this issue. Thanks.
  24. Hi @ithinkiam, You post has been merged with an exiting post which has been answered previously. Here Thanks.
  25. Hi @DouggerJ, Sorry for the delay. 'Conflict in syncing data with Dropbox' error occurs when Enpass detects that items on local vault are different than items found in the cloud database. If you are trying to sync two different databases/vaults then follow the steps:-  1. Tap on Sync Error, and you will get a screen where you can see the number of items of both vaults and there will be two options 'Merge' and 'Disconnect'. 2. Tap on 'Merge' and syncing will be continued. You can safely continue with 'Merge' option even if Enpass is showing this error on same databases.  Please let me know if you ever imported data from any other password manager or csv file. That may be the cause of issue.  Thanks.
  • Create New...