1. Udayan K's Avatar
    Hi! I use the Password Keeper and today I downloaded Enpass to see how it is. So I'm assuming it is the latest version?

    I noticed there's a major bug (don't know if one can call it that) in Enpass. When you minimize Enpass, you can still see the screen you were viewing for a second. So if you're viewing your passwords, they are visible for a short time. While that happens with the Keeper as well and while it is not a major problem, when you restore/maximize Enpass, you see the last viewed screen once again! You see the screen long enough not only to read a field but also take a screen shot of it before it asks for your master password! I know because I tried taking the screen shot at that instant and sure enough, I got to save an image of all my credentials. This defeats the entire purpose of the app.

    The Keeper, however, rightly hides the screens and asks for the master password right away.

    Anyone else noticed this?

    Posted via CB10
    Q10Bold likes this.
    01-28-14 04:36 AM
  2. dna47's Avatar
    But why would you keep enpass in an active frame? and why would someone have your phone when this active frame is opened?
    01-28-14 04:41 AM
  3. sinkingphoenix's Avatar
    But why would you keep enpass in an active frame? and why would someone have your phone when this active frame is opened?
    He raises a valid question, I don't think asking why is going to bring this discussion further. I too use enpass (and I'm actually very happy with it, just needs a linux version). You should definitely bring this up to the developers via their support email, they answer those fast. I was never really bothered by this issue, as my passwords are always hidden, and thus someone would only see info like my email address.

    PS: ask them for a linux version while you're writing them, I hope they'll develope one when seeing that demand is there

    Posted via CB10
    01-28-14 04:51 AM
  4. Udayan K's Avatar
    It's unlikely and it's a big what-if scenario but that doesn't mean this should happen.

    What if I'm looking at my passwords and I get a call so that Enpass is reduced to an Active Frame?

    Posted via CB10
    01-28-14 04:51 AM
  5. dna47's Avatar
    It's unlikely and it's a big what-if scenario but that doesn't mean this should happen.

    What if I'm looking at my passwords and I get a call so that Enpass is reduced to an Active Frame?

    Posted via CB10
    But while on a call no one should have access to your phone and take a screenshot. but like said before, you should get in touch with the dev and bring that issue up
    01-28-14 04:55 AM
  6. Udayan K's Avatar
    Yeah Enpass is otherwise top notch, just that this minor thing is slightly irritating. It appears as if it lags because of this.

    Posted via CB10
    01-28-14 04:56 AM
  7. reversekcid's Avatar
    Must be a bug. I also have the latest version of Enpass installed and it is properly locking access when you restore it from the active frame.

    I would reinstall the app

    BTW: I am using the latest leak.

    Posted via CB10
    01-28-14 04:58 AM
  8. dna47's Avatar
    He raises a valid question, I don't think asking why is going to bring this discussion further. I too use enpass (and I'm actually very happy with it, just needs a linux version). You should definitely bring this up to the developers via their support email, they answer those fast. I was never really bothered by this issue, as my passwords are always hidden, and thus someone would only see info like my email address.

    PS: ask them for a linux version while you're writing them, I hope they'll develope one when seeing that demand is there

    Posted via CB10
    I understand that's it's an issue, but OP said it was a "major" bug...i don't think it's major since you can close the active frame and be sure that nobody can have a peak at your passwords
    01-28-14 04:58 AM
  9. Udayan K's Avatar
    If we really want a scenario: what if I am looking at my passwords and I get a call, and then someone else uses my phone to speak to the caller, ends the call and just restores Enpass and as a result, gets a glimpse of my password or my ATM pin, which is easier to remember?

    Like I said, the scenario is very unlikely, improbable even, but that doesn't make the issue disappear.

    I will definitely mail them and let you know what they have to say. Thanks!

    Posted via CB10
    01-28-14 05:04 AM
  10. Udayan K's Avatar
    Okay maybe "major" was not a proper choice of words but all I meant was it compromises the quality
    of such a critical app.

    Posted via CB10
    01-28-14 05:07 AM
  11. sinkingphoenix's Avatar
    I would call it major, enpass is a security application, if it leaks what it protects, Nd in such an easy way, that's classifiable as major

    Posted via CB10
    01-28-14 05:17 AM
  12. dna47's Avatar
    I would call it major, enpass is a security application, if it leaks what it protects, Nd in such an easy way, that's classifiable as major

    Posted via CB10
    reversekcid said that this doesn't happen with him, so i guess it's not that major
    01-28-14 05:19 AM
  13. dna47's Avatar
    Anyway, not trying to start a war here. OP should definitely get in touch with the dev, because it is a security flaw. i was just pointing out that if you want it to be 100% secured, that app shouldn't be running in an active frame
    01-28-14 05:23 AM
  14. Udayan K's Avatar
    Let's not start an argument over definitions. Whatever it is, the app definitely shouldn't be doing what it is doing.

    I tried reinstalling the app and I'm getting the same result.

    Did you guys actually try what I did? Did I tell you that the previous screen is visible only for a fraction of a second before the app asks for the master password? But it is still long enough to catch a word or a 4-digit pin. That's why most people haven't realized it yet. Password Keeper doesn't show the screen even for this short a duration. That's what Enpass must be doing.





    Posted via CB10
    01-28-14 07:27 AM
  15. sinkingphoenix's Avatar
    I am getting the exact same behaviour, just that I'm always hiding my passwords, so all one could see is a login name

    Posted via CB10
    01-28-14 08:58 AM
  16. Sinew Software's Avatar
    Dear Enpass users,

    Thanks for highlighting the issue and we are sorry for the inconvenience caused to you. This is your feedback that keeps us on our toes to implement new features and fix issues. Soon we are releasing a new version with many new enhancements in all mobile and desktop versions. With that we will fix this issue too.

    We request you to please report any such issue or query on support@sinew.in.

    Regards
    -Sinew Team
    Lendo likes this.
    01-30-14 07:29 AM
  17. adamlau's Avatar
    Is Linux support (source/binary) forthcoming? Drop a 64-bit binary on us!
    01-30-14 10:52 AM
  18. sinkingphoenix's Avatar
    Btw. the newest update solved this problem! Thanks Sinew!
    02-21-14 08:33 AM

Similar Threads

  1. Visual voicemail bug on Q10 and z10
    By boss_hog in forum BlackBerry 10 OS
    Replies: 6
    Last Post: 01-29-14, 11:31 AM
  2. Enpass vs BlackBerry Pasword Keeper
    By andreirad in forum BlackBerry 10 Apps
    Replies: 5
    Last Post: 01-28-14, 08:57 AM
  3. BlackBerry World bug notifications
    By Haxorleet in forum BlackBerry Z10
    Replies: 6
    Last Post: 01-20-14, 11:50 AM
  4. Bug on z10 stl-100
    By Alvin Loh in forum BlackBerry Z10
    Replies: 5
    Last Post: 01-18-14, 06:33 PM
  5. Picture password/lock screen bug!
    By 2Peks1Bird in forum BlackBerry 10 OS
    Replies: 6
    Last Post: 01-18-14, 04:39 PM
LINK TO POST COPIED TO CLIPBOARD