url connections get snuffed as well, but maybe thats good?

[JamesGreen31]

Seems that if you connect via sftp (or the url window), the snuffer will find the password for the server instead of the master key. I wonder if this also will be patched in next release.

at least it's harder to get the master key this way.

[vdohney]

Hi, thanks for reporting this, interesting! This is expected, because it’s the same text box. And yes, it will be patched in the next release.

Can you describe how hard is it to find the master password in the dump? Is it still there, but on different positions?

[JamesGreen31]

Hi, thanks for reporting this, interesting! This is expected, because it’s the same text box. And yes, it will be patched in the next release.

Can you describe how hard is it to find the master password in the dump? Is it still there, but on different positions?

I'll dive in again to see if I can find it.

Given this kind of vulnerability, I wonder how they will patch it.

[vdohney]

Thanks!

Btw, it already is patched in the dev build, and the fix is pretty cool! I tested it and it seems to be doing the job.

You can find it in the SourceForge thread if you’re interested.