Attached files not secure

kga1978
kga1978
Community Member

Hi,

I just gave 1P 4 a spin and I found the following serious bug:

  1. Unlock your vault
  2. Attach a file to an item
  3. Open the attachment in e.g. Preview
  4. Close the attachment, close Preview
  5. Lock the vault

One would imagine that after locking the vault, the attachment should no longer be available. However, I'm afraid it is - and even with its normal name intact. If you open up Preview you can find it under 'Open Recent' and you can also find it directly on your disk where it is stored under ~/Library/Group Containers/.

Is this intentional? It looks like a major security flaw to me.

Comments

  • Cobalt
    Cobalt
    Community Member

    I'm seeing the same thing here with version 4.0.1b4. I have noticed that the files get deleted as soon as 1Password is relaunched. I would definitely prefer to see these files removed when 1Password is closed or locked.

  • kinnla
    kinnla
    Community Member

    Same thing here, I also run Version 4.0.1b4 (401004). I see this as major issue as well.

  • Hi guys,

    This is definitely a critical issue and has been filed as such, this will be fixed in the next update.

  • kga1978
    kga1978
    Community Member

    Great, thanks MikeT

  • At the moment, the opened attachments are only cleared when the app is restarted. We'll make sure they are removed when the application is locked or closed.

This discussion has been closed.