![]() ![]() ![]() This is a critical risk for people who have their Social Security numbers filled in their Enpass identities. I tested the hidden field phishing example at and it looks like Enpass is also vulnerable to this identity fill exploit as the hidden fields are filled. I'm assuming this because once I opened the edit for the identity and filled the default Enpass fields: "First name" and "Last name" without N capitalized, I was able to fill the fields with labels matching "First name" and "Last name". I just determined that the identities imported from Lastpass had First Name and Last Name field labels imported like so:Īpparently, the field label matching is case-sensitive in Enpass instead of fuzzy matching. I am indeed double-clicking on the identities in the browser extension menu and it wasn't working. I should have been more explicit as to what I was doing. To test whether it was that specific form that could not be filled, I went to a basic HTML form on w3schools to see if I could auto-fill the fields using the saved Identity - and it doesn't appear that I am able to.Īm I missing something? As per the article, auto-fill for identity was implemented in 2016, but based on my experience thus far that doesn't seem to actually be the case. I attempted to test to see if this is the case on the Github page of the developer who discovered it : īut I can't seem to get the identity to auto-fill from the Chrome extension. I want to ensure Enpass is not vulnerable to the same "hidden field" auto-fill vulnerability that Lastpass (and Chrome) are. One of the primary reasons I'm transitioning away from Lastpass is the extremely poor customer service I received while reporting a phishing vulnerability. 88 (Official Build) (64-bit)) and now the Android app.Īs per the discussion here it appears that auto-fill for saved identities has been implemented. I have the Windows 10 (Build 1903 64-bit) Desktop app, the Chrome extension (on Version. I'm currently trialing Enpass to see if the feature set is comparable and worth the transition. I'm dissatisfied with Lastpass Premium and am considering Enpass as an alternative. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |