Security Issue (can get clear text Passwords while Application is locked)
Security Issue (can get clear text Passwords while Application is locked)
It's nice that you now support AppleScript for several actions like exporting entries. Unfortunately, there's a rather uncomfortable security issue in the current implementation.
It's possible to retrieve passwords and other confidential data even when the application is locked (File - Lock Application). So as long as an attacker has access to my computer he can get ahold of all my confidential RDM data, even when I explicitly lock the application to prevent this.
And of course, thanks to AppleScript this data theft can be automated quite nicely without requiring any user input whatsoever.
I suggest you move quickly to rectify this situation!
All Comments (4)
You have a good point. This will be fixed quickly.
David Hervieux
We will also add an option to completely disable Applscript
David Hervieux
This is now fixed internally. Thank you very much for your feedback.
David Hervieux
Thx for taking care of this quickly!