You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the client instructs pwsafe to write extracted passwords to a temporary file, which the client then reads, puts, and unlinks. In the interval between the agent writing the file and the client reading it, any user with read access to that file can acquire the user's password. Moreover, upon use the file is simply unlinked from the filesystem, not properly erased, meaning any agent that can read the underlying disk still has access to the file until it is overwritten by something else. Both of these behaviors violate security goals of Password Safe, which does not have to trust the file system or disk. pwsafe-agent has to find a different way to receive the password in order to be a viable security tool.
The text was updated successfully, but these errors were encountered:
Currently, the client instructs pwsafe to write extracted passwords to a temporary file, which the client then reads, puts, and unlinks. In the interval between the agent writing the file and the client reading it, any user with read access to that file can acquire the user's password. Moreover, upon use the file is simply unlinked from the filesystem, not properly erased, meaning any agent that can read the underlying disk still has access to the file until it is overwritten by something else. Both of these behaviors violate security goals of Password Safe, which does not have to trust the file system or disk. pwsafe-agent has to find a different way to receive the password in order to be a viable security tool.
The text was updated successfully, but these errors were encountered: