An update on the reported vulnerability regarding WER in Enpass for Windows PC

A few days ago, Renato Marinho reported a security flaw in Enpass for traditional Windows: when Enpass crashed, the Windows Error Reporting (WER) feedback infrastructure generated a heap dump file of Enpass, which might contain sensitive data. This has been fixed in v5.5.6.

Summary

A vulnerability was detected in Enpass for traditional Windows, related to the creation of memory dump files (containing traces of recently accessed Enpass data) by the WER feedback infrastructure of the Windows OS. WER creates report files with heap dumps for non-responding or crashed applications at a location (Windows 10: C:\ProgramData\Microsoft\Windows\WER) accessible only by admins, where they may remain indefinitely. The purpose of these files is to help identify the possible cause of the problem and suggest a solution to the user. Prior to version 5.5.6, WER generated reports for Enpass crashes, and these held recently accessed Enpass data (not the master password) in clear text. After the recent fix, WER will no longer generate error reports for Enpass.

Affected traditional Windows desktop version: v5.5.3 or earlier.
Tested on: Windows 10
Fix: Enpass 5.5.6 for Windows PC

What should be done?

Please update your copy of Enpass to the latest version, 5.5.6, and remove the existing dump files (.hdmp & .mdmp) generated by WER at the location for your corresponding Windows OS.
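
One way to locate and remove the leftover dumps, as an added PowerShell example (not Enpass's own tooling). It assumes the Windows 10 path given above and that Enpass reports can be recognised by the string "Enpass" in the report folder name or in the folder's Report.wer file; the parameter names are hypothetical.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # WER store named in the article for Windows 10; adjust for other versions.
    [string]$WerRoot = 'C:\ProgramData\Microsoft\Windows\WER',
    # Assumption: reports for Enpass carry this string in their folder name
    # or in the Report.wer file that sits next to the dump.
    [string]$AppPattern = 'Enpass',
    # Without -Remove the script only lists what it finds.
    [switch]$Remove
)

# Collect every heap dump (.hdmp) and minidump (.mdmp) under the WER store.
$dumps = Get-ChildItem -LiteralPath $WerRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.hdmp', '.mdmp' }

# Keep only the dumps that belong to a report for the target application.
$hits = foreach ($d in $dumps) {
    $dirMatch = $d.DirectoryName -match [regex]::Escape($AppPattern)
    $wer = Join-Path $d.DirectoryName 'Report.wer'
    $werMatch = (Test-Path -LiteralPath $wer) -and
        [bool](Select-String -LiteralPath $wer -SimpleMatch $AppPattern -Quiet)
    if ($dirMatch -or $werMatch) { $d }
}

# Show size and age so the operator can see how long the data has been on disk.
$hits | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize

if ($Remove) {
    foreach ($h in $hits) {
        # ShouldProcess makes -WhatIf and -Confirm work for the deletion step.
        if ($PSCmdlet.ShouldProcess($h.FullName, 'Delete WER dump')) {
            Remove-Item -LiteralPath $h.FullName -Force
        }
    }
}
```

Run it once without `-Remove` to review the list, then again with `-Remove` (optionally with `-WhatIf`) from an elevated prompt.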

 

Comments

Frank 7 months, 1 week ago

Hello,

It seems the update does not work.
I have downloaded it and pressed 'update', but afterwards the program reports that it would like to update, and the rev. no. is still 5.5.3...
Do I have to uninstall completely?

cheers

Frank


Enpass Team 7 months ago

Hi Frank,

Sorry to hear about your trouble. Before installing the update, please make sure that the existing Enpass app is completely closed (even from the System tray or Menu bar), and if your system is used by multiple users, please make sure the Enpass app is closed in all user accounts.

Also, open Task Manager --> Details and check whether the Enpass app is there. If yes, please quit it first and try to update again.

Hope this helps!
