July 6, 2023 Master password can be extracted from a memory dump created without admin privileges and after the password manager is locked: https://redmaple.tech/blogs/2023/extract-bitwarden-vault-passwords/ Are we (Enpass users) safe? Regards, syriusz
July 6, 2023 Hi @syriusz We already have a forum dedicated to the same topic. Kindly check out the following thread: https://discussion.enpass.io/index.php?/topic/6625-news-some-password-managers-expose-the-data-theyre-designed-to-protect/&do=findComment&comment=14939
July 6, 2023 Author Ok thanks for the link and I’m really glad to read this! Thank you for your hard work and I’m happy that Enpass Team monitors such security issues! Best regards, syriusz
July 7, 2023 So I followed the link and its description to read a memory dump. I wasn’t able to read and find my passes (neither master, nor PIN, nor from entries) but what I was able to read - and I do not know the gravity of it - I could read all the OTP secrets, as they were unencrypted. Maybe something to consider…
July 7, 2023 Hi @AnakinCaesar Thank you for bringing this issue to our attention and we greatly appreciate your input. Our dedicated team is currently looking into this concern, and we will provide you with an update as soon as possible. We kindly ask for your patience in the meantime. #SI-3391
July 10, 2023 Hi @AnakinCaesar We have successfully replicated the issue on our side, and we are currently working on a patch to address this bug. We sincerely appreciate your patience during this time.