niemalsnever Posted October 8, 2016 Report Share Posted October 8, 2016 Hello, don't really know where to post this, but "Data Security" seems kind of fitting. I recently set up Enpass on my devices to synchronize via a nextcloud-server running on my desktop computer. In doing that, I realized I didn't receive a certificate warning on any of my devices when setting up the synchronization, even though the server is clearly using a self-signed certificate. I'd really appreciate it if I received a warning when setting up synchronization with a server using a self-signed certificate, and maybe even enable some sort of certificate pinning, to make sure my data doesn't end up on another WebDAV server, which happens to be accessible with the same URL and just is configured to store all data from incoming connections, regardless of matching credentials. (A malicious person could do that) Using Enpass 5.3.0 on Linux and Mac, and Enpass 5.4.3 on Android Link to comment Share on other sites More sharing options...
Anshu kumar Posted November 7, 2016 Report Share Posted November 7, 2016 Hi @niemalsnever, Missed a few posts during server migration including this one. Thanks @Angristan for bring it again into my notice. This issue has been raised in priority. Fixes will be available in upcoming updates. I appreciate your patience in the meantime. Link to comment Share on other sites More sharing options...
niemalsnever Posted November 22, 2016 Author Report Share Posted November 22, 2016 On 11/7/2016 at 10:43 AM, Anshu kumar said: Hi @niemalsnever, Missed a few posts during server migration including this one. Thanks @Angristan for bring it again into my notice. This issue has been raised in priority. Fixes will be available in upcoming updates. I appreciate your patience in the meantime. Hi @Anshu kumar, thank you for your reply and sorry for answering this late, but I felt like this topic was being ignored after not receiving a single reply for well over a week, so I lost interest in checking back. Thankfully I was able to ditch WebDAV-sync for folder sync and using my own synchronization infrastructure after folder sync was integrated into the Enpass Android App. Still for anyone relying on WebDAV-sync this is a major problem and I appreciate that you raised it's priority in your issue tracker. I look forward to seeing it fixed in an upcoming version. Link to comment Share on other sites More sharing options...
Recommended Posts