Jump to content

CodeHead

Members
  • Content Count

    3
  • Joined

  • Last visited

Everything posted by CodeHead

  1. Actually, 0.0.0.0:* is not an invalid address, as it represent any foreign ip/port combo. My mistake was that I thought it was the local address, not the foreign address. So no issue here. So its clear-text but we're okay since its not discoverable outside of the computer since its not broadcasted where you can dump the data via wireshark or tcpdump on a separate device. The assumption is that the computer running Enpass isn't compromised. Hard to argue there being that all bets are off once you no longer own your machine. I have to ask... though I know SQLCipher has been though peer audits... has Enpass itself been audited for security leaks?
  2. Installed the linux version of Enpass today (5.3.0) on my Ubuntu box. I setup folder syncing... if I like it I'll sync the folder elsewhere. Then while running enpass, I noticed it had two programs running, Enpass and EnpassHelper. Enpass had an open socket connection with EnpassHelper talking to Enpass. Specifically, checking the network connections on my box for Enpass gave this: netstat -anp|grep 11095 tcp 0 0 127.0.0.1:10391 0.0.0.0:* LISTEN 11095/Enpass tcp 0 0 127.0.0.1:10391 127.0.0.1:54452 ESTABLISHED 11095/Enpass tcp 0 0 127.0.0.1:10391 127.0.0.1:54354 ESTABLISHED 11095/Enpass unix 2 [ ACC ] STREAM LISTENING 55350 11095/Enpass /tmp/qtsingleapp-Enpass-cf80-3e8 unix 3 [ ] STREAM CONNECTED 51738 11095/Enpass etc... My questions are: 1) Is internal enpass apps communicating over local sockets secure? (I've not tcpdump it yet) 2) Why is the main Enpass app listening to all IP address? Why is it 0.0.0.0:* and not 127.0.0.1:*? Thanks!
×
×
  • Create New...