Jump to content

Search the Community

Showing results for tags 'microsoft'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General discussion
    • Hot topics
    • Enpass Support & Troubleshooting
    • Registration and Purchases
    • Autofilling and Desktop Browser Extensions
    • Data Security
    • Announcements
  • Help us improving Enpass
    • Feature requests
    • Enpass Beta
    • Localization
  • General discussion

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 1 result

  1. Hi guys, As we have mentioned in our blog-post that Edge browser extension will not be part of stable releases. We will keep the beta-stream of Traditional Windows as updated as stable stream with an additional, most in-demand feature: Edge Browser extension. The newly released Enpass Beta 5.3.1 is similar to stable Enpass 5.3.0. You can download the Edge supported Beta version from here and Edge extension from here & follow the steps mentioned in readme.txt . Before using the beta version, you should be aware of risks involved by: Disabling isolation of Edge browser: To strike down the Issue of Microsoft Edge browser (where being a UWP App, it doesn't allow any other App to connect to it on same machine through loopback), we have to disable the network isolation of Edge using the following command. CheckNetIsolation LoopbackExempt -a -n="Microsoft.MicrosoftEdge_8wekyb3d8bbwe" Warning: As per Microsoft, the use of above command to overrule the Network capabilities of Edge browser is not a general practice and is not recommended for normal users as it can make the Edge browser vulnerable. Format of Websocket origin: When edge extension connects to Enpass app via websocket, the websocket origin set by Edge is in somewhat a non-standard format https://EnpassPasswordManager_nt7fcssrybz1j:0. Ideally it should be ms-browser-extension://EnpassPasswordManager_nt7fcssrybz1j:0 Being in the https protocol format, it might lead an attacker to run an attack site on a machine that resolves to our extension ID by DNS spoofing and installing its self-signed root certificate authority on your computer. If a request come from Edge browser runing that attack site will look like an authentic request to Enpass. If you PC is already in so much control of a bad guy that he can install self signed root certificate and run a site on your machine (which requires administrator permission), you are already at potential risk. Although it is not so easy for anyone in a control environment, but as a user of Enpass, we want you to be aware of this issue. Keep using Enpass and stay secure!
×
×
  • Create New...