Jump to content
Enpass Discussion Forum

Warn if using Self-Signed Certificate (WebDAV Sync)


niemalsnever

Recommended Posts

Hello, don't really know where to post this, but "Data Security" seems kind of fitting. I recently set up Enpass on my devices to synchronize via a nextcloud-server running on my desktop computer. In doing that, I realized I didn't receive a certificate warning on any of my devices when setting up the synchronization, even though the server is clearly using a self-signed certificate. I'd really appreciate it if I received a warning when setting up synchronization with a server using a self-signed certificate, and maybe even enable some sort of certificate pinning, to make sure my data doesn't end up on another WebDAV server, which happens to be accessible with the same URL and just is configured to store all data from incoming connections, regardless of matching credentials. (A malicious person could do that)

Using Enpass 5.3.0 on Linux and Mac, and Enpass 5.4.3 on Android

Link to comment
Share on other sites

  • 5 weeks later...
  • 3 weeks later...
On 11/7/2016 at 10:43 AM, Anshu kumar said:

Hi @niemalsnever,

Missed a few posts during server migration including this one. Thanks @Angristan for bring it again into my notice. This issue has been raised in priority. Fixes will be available in upcoming updates. I appreciate your patience in the meantime.

Hi @Anshu kumar,

thank you for your reply and sorry for answering this late, but I felt like this topic was being ignored after not receiving a single reply for well over a week, so I lost interest in checking back. Thankfully I was able to ditch WebDAV-sync for folder sync and using my own synchronization infrastructure after folder sync was integrated into the Enpass Android App.

Still for anyone relying on WebDAV-sync this is a major problem and I appreciate that you raised it's priority in your issue tracker. I look forward to seeing it fixed in an upcoming version.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...