Minor information leak when using Teams

Using 1Password on the Mac, I am a member of a team. The team-supplied passwords are hidden from me (no option to reveal). All I can do is launch a website using one of those passwords, and that's fine.

However, if a password from a Team vault matches one in a personal vault, I can see which entry, and thereby learn the password for the entry in the Team vault. (Obviously this won't be an issue with random generated passwords, but not everyone's there yet.)

The solution would be to suppress the check for duplicated passwords, for entries that you don't have view permission.


1Password Version: 7.3
Extension Version: Not Provided
OS Version: OS X 10.14
Sync Type: 1Password

Comments

  • BenBen AWS Team

    Team Member

    This seems to be another example of why password reuse is a bad idea. :) But you're absolutely right, we probably shouldn't be revealing this information, even with the best of intentions. We do have an issue filed for this that development is evaluating.

    Ben

    ref: apple-3554

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file