Jump to content
Enpass Discussion Forum

Major bug using iCloud


David Jameson
 Share

Recommended Posts

So, I have completely given up using my Nextcloud server for Enpass (Enpass is just not reliable in that environment)....sad because the ability to use my private server was the reason I switched in the first place.

However, given the amount of time I have now invested in Enpass, before giving up on Enpass completely I thought I'd try using iCloud as the server and immediately ran into a new problem.

Scenario:   I have multiple devices but with just my Mac and an iPhone, here's the problem I ran into.

Step 1. I switched my Mac to use iCloud instead of NextCloud and synced.

Step 2. I then modified the passwords for one of the entries in Enpass  (Plex had a data breach the other day so I was changing passwords)

Step 2a) I don't remember if I explicitly resynced or just shut off my system but regardless, that shouldn't matter!

Step 3. A few hours later, I opened my iPhone, opened Enpass and switched the vault from NextCloud to iCloud and synced

Step 4. The next day, I opened my Mac again, opened Enpass and discovered that the password for my Plex had reverted to the old password that was still on my iPhone.

Step 5. Sure enough, checking my iPhone, the old password was still stored.

 

It seems that when you connect your vault to a new source, the sync process isn't taking into account the **timestamp** of entries already in the vault and Enpass is just blindly overwriting with whatever is on the device being synced. It **should** be detecting when a value in the vault is newer than what is on the device and sync that value back to the device.

This is scary because passwords can now easily be lost.

Very disappointing and surprising behavior for a critical tool.

  • Sad 1
Link to comment
Share on other sites

I see sometimes the same behavior, but without changing vault sync locations.

Primary I use my Apple devices and use iCloud for syncing. My Windows PC is not that often used anymore, so I need to reauthenticate quite often. Which often, not always, creates same behavior and changed entries are overwriten with older ones.

So really interested in the resolution. That's really annoying. 

Link to comment
Share on other sites

Hi @David Jameson and @RalfE89,

Apologies for the inconvenience caused. Please share the following details so that I can get this issue investigated by our concerned team.

  1. On which devices and OS versions (mention all) are you using Enpass?
  2. Which Enpass version are you using on each device?
  3. Does the last synced time get updated on the sync page?
  4. Total number of items and vaults in your Enpass.

#SI-3067

Link to comment
Share on other sites

Hi Guishan,

thanks for your reply and I support you guys as best as I can. My details:

  1. iPhone 12 Pro on iOS 15.6.1, iPad Pro 11'' from 2017 on iPad OS 15.6.1, MBP 16'' with M1 Pro on Mac OS 12.5.1 and Windows 10 Desktop on Windows 10 Pro 21H2 (19044.1889)
  2. iOS 6.8.1 (633), iPad OS 6.8.1 (633), Mac OS 6.8.2 (1082) Mac App Store, Windows 6.8.2 (1084)
  3. Yes
  4. One vault with around 300 items across all categories, most of them are logins. No attachments stored. Cleaned up on Saturday, now at precisely 252 total items and on Sunday I had my last overwrite issue.
Link to comment
Share on other sites

@RalfE89,

Thank you for sharing the details.

I have duly noted your feedback and all the details have been forwarded to our concerned team for further investigation. I will update you on this as soon as I receive any updates from the team regarding the same.

In the meanwhile, your patience and support are highly appreciated.
#SI-3067

  • Thanks 1
Link to comment
Share on other sites

I think the equipment list is irrelevant. Just setup enpass on a Mac and on an iPad, sync with iCloud, and you will be able to reproduce the problem.

It may very well be that the problem can be reproduced using two Macs as well, I haven’t tried that.

in any case, the symptoms suggests strongly that the date of the entry is not being used to determine which “side” is newer.

That said, I wish you’d fix the problem with Nextcloud so Enpass doesn’t arbitrarily decide that the password is wrong and refuses to connect any more.

Link to comment
Share on other sites

  • 4 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...