Donate

Error console can temporarily display passwords

I’ve just been made aware of a potential privacy concern which has been fixed in the latest version of KeeFox. Until you receive the updated version, please note that some of your passwords may be temporarily displayed in a console that is used for debugging. This “error console” is usually hidden from view and its contents are not retained but in certain circumstances this could be a problem so I’ve tried to fix it as quickly as possible.

If you do have this error console visible when using KeeFox 1.1.2 or earlier, please be extra wary of people looking over your shoulder when you log in to websites using KeeFox.

Also be aware that it is not possible to predict how long a password may remain visible somewhere in that error console so for extra security you could consider clicking on the “Clear” button at the top of the console window at a suitable time (e.g. when you would normally lock your KeePass database).

If you want to be the first to get the fixed version you can subscribe to the development (beta) channel but (although it is somewhat out of my control) I expect the fix to be made available to all KeeFox users soon.

Sorry for any inconvenience!


Article categories: [keefox news release releases]
Published on: 29 November 2012