vedicaudio

pc issue Passkeeper security issue

9 posts in this topic

Normally passkeeper prompts user to enter Maxthon password before anything is revealed. However, if user has passkeeper open in a tab when Maxthon is shut down, the next time Maxthon is opened, and any user opens passkeeper again from the list on Last Session tab, then passkeeper opens and gives an unauthorized user full access to all website passwords.

Version 5.1.5.1000

2 people like this

Share this post


Link to post
Share on other sites

Confirmed.

M5 also opens if you click no on windows user account  control on start up.

Share this post


Link to post
Share on other sites

dont use last session but its easier than that

goto passkeeper and open by entering password 

close maxthon then open again

go to passkeeper and its open - no password required

[sorry if thats what you mean above]

for a browser that trumpets its secure this is one hell of a breach in that security 

1 person likes this

Share this post


Link to post
Share on other sites
8 hours ago, Tony said:

dont use last session but its easier than that

goto passkeeper and open by entering password 

close maxthon then open again

go to passkeeper and its open - no password required

[sorry if thats what you mean above]

for a browser that trumpets its secure this is one hell of a breach in that security 

You're right; I confirm this is a serious security FUBAR that needs to be fixed immediately.

However, the fact that I had never encountered this bug prompted me the do some experiments.  The findings are:

1. If Passkeeper is  opened, the password entered, and while Passkeeper is left open the browser is closed, you will find that Passkeeper remains open and accessible without the password the next time someone launches the browser.  There's  no need to usethe  Last Session link.

2.  However, if subsequently to having Passkeeper open under either stage of test 1, the browser is cloed with Passkeeper also closed, then upon the next launch of MX5 Passkeeper will require the password.

So the workaround until the bug is fixed is to always close Passkeeper before closing the browser.  By luck rather than intention this has been my practice.  So make it intentional pending the bug fix.

                                 <<SL>>

Share this post


Link to post
Share on other sites
3 hours ago, SnowLeopard said:

do some experiments.

Did the same and came to the same conclusion.

Share this post


Link to post
Share on other sites
19 hours ago, pantantrollo said:

I understand that you are all referring to Passkeeper with user account?

Yes. my normal SnowLeopard account.

18 hours ago, 7twenty said:

Did the same and came to the same conclusion.

Thanks for confirming.

                                         <<SL>>

Share this post


Link to post
Share on other sites

Hi Everyone

Entered password to access your Passkeeper account, If it is more than 15 minutes from the last “operation” in the time of entry, then the password is required again. That's the product logic(SnowLeopard said right, it not relate with Last Session, it just relate with time)

It is to prevent users from entering passwords many times in period of time, If you have higher security requirements, you can "exit" Passkeeper feature everytime you left the page

1.png

Share this post


Link to post
Share on other sites
1 hour ago, BugSir006 said:

Hi Everyone

Entered password to access your Passkeeper account, If it is more than 15 minutes from the last “operation” in the time of entry, then the password is required again. That's the product logic(SnowLeopard said right, it not relate with Last Session, it just relate with time)

It is to prevent users from entering passwords many times in period of time, If you have higher security requirements, you can "exit" Passkeeper feature everytime you left the page

1.png

you have to be kidding - if thats how you think it should be then your thinking is wrong - passkeeper should lock on exit with no user input - just another reason not to use this badly thought out 'feature'

Share this post


Link to post
Share on other sites