Forum Discussion

Occasional Contributor

2 years ago

Secuvera findings

Hi there, will you improve the security of your product after the secuvera‘s findings? Yes, secrets need to be accessible to the processor, but findings say, the secrets of 1P stay there e...

windows

miggl8

New Contributor

2 years ago

Hello 1Password Team,

today I came across a https://www.secuvera.de/blog/studie-klartextpassworter-in-passwortspeichern/ which highlights a vulnerability in 1Password, classified as CWE-316. According to their findings, certain sensitive information, such as the SecretID, remains in memory even after the application is closed, which could potentially expose this data to unauthorized access.

Could you please provide more details on how 1Password classifies this vulnerability? Is there any ongoing work to address this issue, or are there recommended steps we as users can take to mitigate this risk on our systems?

Best regards,

miggl8

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Forum Discussion

Secuvera findings

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

Ongoing Autofill Issues on Android

Storing PGP Keys

[BUG] Beta and Nightly extension degrade page's original functionallity

Items moved between vaults leave a copy in Recently Deleted

Software Licenses item icon intermittently blank/grey when new/editing