Jump to content
Enpass Discussion Forum

Master password retrievable from a memory dump of a locked database


Recommended Posts

Guest Vikram Dabas

Hi @ctrl_alt_pasta

Thanks for writing in. We are aware of this issue, and are on it to fix it very soon.

When talking from the angle of severity of this issue it can be treated as a low severity for a normal user. Because to see a master password from core-dump, one need to have control over the system, and someone having that level of privilege (equivalent to admin rights), can circumvent every protection of any password manager by getting your master password through other means like  key logging, replacing the whole binary with a fake one, etc. Eventually, a password manager can not offer that much security on a tampered or frail PC.

But, I am not saying that we are not careful about the security of your data and master password. We are very concerned about it and a fix will be rolled out very soon. And as we've stated earlier, we are on path to refactor Enpass to make it more convenient with sturdiest level of security. 

Meanwhile, we request our beloved users to please bear with us.

Link to comment
Share on other sites

4 hours ago, Vikram Dabas said:

Hi @ctrl_alt_pasta

Thanks for writing in. We are aware of this issue, and are on it to fix it very soon.

When talking from the angle of severity of this issue it can be treated as a low severity for a normal user. Because to see a master password from core-dump, one need to have control over the system, and someone having that level of privilege (equivalent to admin rights), can circumvent every protection of any password manager by getting your master password through other means like  key logging, replacing the whole binary with a fake one, etc. Eventually, a password manager can not offer that much security on a tampered or frail PC.

But, I am not saying that we are not careful about the security of your data and master password. We are very concerned about it and a fix will be rolled out very soon. And as we've stated earlier, we are on path to refactor Enpass to make it more convenient with sturdiest level of security. 

Meanwhile, we request our beloved users to please bear with us.

Thank you for the response.

Link to comment
Share on other sites

  • 2 weeks later...
This topic is now closed to further replies.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy