Changing a connection's settings (including passwords) in the session manager makes the save button enabled or disabled.
Now if I try to guess the password (i.e. type over the masked password field), I can tell when I have guessed it right because the save button becomes enabled. This seems like a significant security hole.
Passwords easily discovered in Session Manager
Yes, that's right. Well... I'm still not thinking we have a security hole here. It's a convenience feature, and you still have to guess what you already put into the password field before. You could also say the encryption HeidiSQL uses for storing passwords in registry is too weak.
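
The behaviour discussed in this thread, as an added example that is not part of either post and is not HeidiSQL's code: a form whose "modified" check compares the password field with the stored value, next to a variant that marks the form modified on any password input. Class and function names, the sample settings, and the polarity of the button (enabled when a value differs) are assumptions of this sketch.

```python
# Added sketch: class and field names are hypothetical, not HeidiSQL code.
# Assumption: Save is enabled whenever the form counts as "modified".

class LeakySessionForm:
    """Decides 'modified' by comparing every field with the stored value."""

    def __init__(self, stored):
        self.stored = dict(stored)
        self.current = dict(stored)

    def edit(self, name, value):
        self.current[name] = value

    def save_enabled(self):
        # The stored password takes part in the comparison, so the button
        # state differs between a matching and a non-matching entry.
        return self.current != self.stored


class HardenedSessionForm(LeakySessionForm):
    """Treats any edit of a secret field as a change, without comparing it."""

    SECRET_FIELDS = frozenset({"password"})

    def __init__(self, stored):
        super().__init__(stored)
        self.secret_touched = False

    def edit(self, name, value):
        super().edit(name, value)
        if name in self.SECRET_FIELDS:
            self.secret_touched = True  # set on any input, right or wrong

    def save_enabled(self):
        if self.secret_touched:
            return True
        return any(self.current[k] != self.stored[k]
                   for k in self.stored if k not in self.SECRET_FIELDS)


def button_after_typing(form_cls, stored_password, typed):
    """Return the Save button state after typing over the password field."""
    # Constructed sample settings, not taken from any real session.
    form = form_cls({"host": "db.example.internal", "password": stored_password})
    form.edit("password", typed)
    return form.save_enabled()
```

In the hardened variant the button state is the same for a matching and a non-matching entry, so it carries no information about the stored password.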