Enpass Discussion Forum

Master password retrievable from a memory dump of a locked database


ctrl_alt_pasta

Hi @ctrl_alt_pasta

Thanks for writing in. We are aware of this issue, and are on it to fix it very soon.

When talking from the angle of severity of this issue it can be treated as a low severity for a normal user. Because to see a master password from core-dump, one needs to have control over the system, and someone having that level of privilege (equivalent to admin rights), can circumvent every protection of any password manager by getting your master password through other means like key logging, replacing the whole binary with a fake one, etc. Eventually, a password manager cannot offer that much security on a tampered or frail PC.

But, I am not saying that we are not careful about the security of your data and master password. We are very concerned about it and a fix will be rolled out very soon. And as we've stated earlier, we are on the path to refactor Enpass to make it more convenient with the sturdiest level of security.

Meanwhile, we request our beloved users to please bear with us.


4 hours ago, Vikram Dabas said:

Hi @ctrl_alt_pasta

Thanks for writing in. We are aware of this issue, and are on it to fix it very soon.

When talking from the angle of severity of this issue it can be treated as a low severity for a normal user. Because to see a master password from core-dump, one needs to have control over the system, and someone having that level of privilege (equivalent to admin rights), can circumvent every protection of any password manager by getting your master password through other means like key logging, replacing the whole binary with a fake one, etc. Eventually, a password manager cannot offer that much security on a tampered or frail PC.

But, I am not saying that we are not careful about the security of your data and master password. We are very concerned about it and a fix will be rolled out very soon. And as we've stated earlier, we are on the path to refactor Enpass to make it more convenient with the sturdiest level of security.

Meanwhile, we request our beloved users to please bear with us.

Thank you for the response.


This topic is now closed to further replies.