Attached files not secure
Hi,
I just gave 1P 4 a spin and I found the following serious bug:
- Unlock your vault
- Attach a file to an item
- Open the attachment in e.g. Preview
- Close the attachment, close Preview
- Lock the vault
One would imagine that after locking the vault, the attachment should no longer be available. However, I'm afraid it is - and even with its normal name intact. If you open up Preview you can find it under 'Open Recent' and you can also find it directly on your disk where it is stored under ~/Library/Group Containers/.
Is this intentional? It looks like a major security flaw to me.
Comments
-
I'm seeing the same thing here with version 4.0.1b4. I have noticed that the files get deleted as soon as 1Password is relaunched. I would definitely prefer to see these files removed when 1Password is closed or locked.
0 -
Same thing here, I also run Version 4.0.1b4 (401004). I see this as major issue as well.
0 -
Hi guys,
This is definitely a critical issue and has been filed as such, this will be fixed in the next update.
0 -
Great, thanks MikeT
0 -
At the moment, the opened attachments are only cleared when the app is restarted. We'll make sure they are removed when the application is locked or closed.
0