
Passwords easily discovered in Session Manager

makkynz posted 2 years ago in General
Changing a connection's settings (including passwords) in the session manager makes the save button enabled or disabled.

Now if I try to guess the password (i.e. type over the masked password field), I can tell when I have guessed it right because the save button becomes enabled. This seems like a significant security hole.
makkynz posted 2 years ago
Sorry, I meant "...because the save button becomes disabled."
ansgar posted 2 years ago
The fact alone that you know your guess was right is not a security hole. The same would happen if you guess and just try to connect.
makkynz posted 2 years ago
But you can monitor failed connection attempts and apply whatever security strategy you want around it.
ansgar posted 2 years ago
Yes, that's right. Well... I'm still not thinking we have a security hole here. It's a convenience feature, and you still have to guess what you already put into the password field before. You could also say the encryption HeidiSQL uses for storing passwords in the registry is too weak.

makkynz posted 2 years ago
OK, cool. I suppose it is kind of like splitting hairs.
ansgar posted 2 years ago
Hoping you're not talking ironically now :)
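
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not HeidiSQL's code: a small Python model of a form whose Save button state comes from comparing the typed password with the stored one, next to a variant that only tracks whether the field was edited. All class names, function names and the sample passwords are hypothetical.

```python
# Added illustration; names are hypothetical, not taken from HeidiSQL.

class ValueCompareForm:
    """Save button is enabled only while the field differs from the stored value."""

    def __init__(self, stored_password: str):
        self._stored = stored_password
        self._field = stored_password  # displayed masked in the UI

    def type_password(self, text: str) -> None:
        self._field = text

    @property
    def save_enabled(self) -> bool:
        # The comparison result is visible to anyone looking at the button.
        return self._field != self._stored


class TouchedFlagForm:
    """Save button is enabled as soon as the password field is edited at all."""

    def __init__(self, stored_password: str):
        self._stored = stored_password
        self._field = stored_password
        self._touched = False

    def type_password(self, text: str) -> None:
        self._field = text
        self._touched = True  # no comparison against the stored secret

    @property
    def save_enabled(self) -> bool:
        return self._touched


def button_reveals_match(form_cls, stored: str, wrong: str) -> bool:
    """True if the button state differs between typing the stored and a wrong value."""
    states = []
    for typed in (stored, wrong):
        form = form_cls(stored)
        form.type_password(typed)
        states.append(form.save_enabled)
    return states[0] != states[1]


if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    for cls in (ValueCompareForm, TouchedFlagForm):
        print(cls.__name__, button_reveals_match(cls, "stored-example", "other-example"))
```

With the touched-flag variant, saving an unchanged password costs one redundant write, and the button no longer reflects whether the typed text equals the stored secret.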
