Security vulnerability Reporting

We value your concern for your data security

Here at Enpass, our mission is to keep your data safe and secure – which only you can access. We welcome all security concerns brought forth, and we value your feedback. We take and investigate every vulnerability report very seriously and we are committed to thoroughly resolving any issues in a timely manner.

While using Enpass, if you feel you have found some potential security threat, please let us know as soon as possible. When reporting the issues, please be as thorough as possible providing us enough information so that we can re-create your findings. You can directly write to us. We will respond as soon as we can and may also follow up with you to get additional information. Once we’ve verified the issue and implemented a fix, we will surely appreciate you for your assistance and showcase your name down here, if you would like.

Previously reported

Vulnerability of Enpass Mac app store version

An application can inject malicious code in running Enpass process.

  • Reporter: Wojciech Reguła
  • Date: Oct 1, 2020
  • Affected Version: 6.5.0 (Mac App Store)
  • Issue no: ECS-15971
  • Fixed Version: 6.5.1 (Mac App Store)

What should be done?
Please update your copy of Enpass to latest v6.5.1

Vulnerability of Enpass installer

A DLL hijacking vulnerability was detected in NSIS-based installer for Enpass that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. The vulnerability existed due to improper loading of a DLL file by EnpassSetup-5.2.1.exe (or earlier versions) which allowed an attacker to load that DLL file (through the installer) to execute arbitrary code without the user’s knowledge.

  • Reporter: Himanshu Mehta
  • Date: August 16, 2016
  • Affected Version: Enpass 5.2.1 or earlier, of the traditional Windows
  • Tested on: Windows 7
  • Fixed Version: Update to Enpass 5.3.0 for Windows

What should be done?

To avoid any further concern, delete all/any previous installers downloaded on your PC and/or any backups. This will help avoid any inadvertent execution of the same.