Password is visible in Password Manager

Started by WindowsStar

Password is visible in Password Manager   29 September 2018, 05:35

FYI, passwords can be revealed to anyone the user shares config files with. The password manager has a reveal password option. Users need to be aware of this security issue so they don't expose your passwords to other users or staff that should not have access to them.

Thanks -WS
Andrew

Re: Password is visible in Password Manager   29 September 2018, 08:47

It does indeed have the password reveal function for convenience. This way the user can make sure a correct password is used in scanning.

While, like you mentioned, it could be a security risk, sharing a configuration file invariably means that passwords must go into that file. The passwords are encoded (not clear text), but whoever receives the file has at least two other options to recover them, even if the password reveal function did not exist:
  1. The hard way: reverse-engineer the scanner's code and find out how to decode them directly from the config file; or
  2. The easy way: use any app that reveals passwords in bullets-hidden edit fields. While MS has made it impossible in Windows 10, nothing would stop someone from running the scanner in Windows 7 and using, for example, BulletsPassView.

So even if we removed the password-reveal function, there are ways to extract stored passwords from a config file. The only reliable solution I see here is to remove access credentials from shared config files or create some sort of temporary accounts on your equipment.
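
One way to act on the advice above and blank stored credentials before a config file is shared, as an added example that is not part of the original thread and not SoftPerfect's code. The XML layout, the element and attribute names and the name pattern are all assumptions; check them against your actual file.

```python
import re
import xml.etree.ElementTree as ET

# Names that usually hold secrets. This pattern is an assumption; extend it for your files.
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|community|credential|token", re.I)

# Constructed sample. Element and attribute names are hypothetical,
# not the scanner's real schema; the values are made-up encoded strings.
SAMPLE_CONFIG = """<config>
  <scan range="10.0.0.1-10.0.0.254" threads="50"/>
  <accounts>
    <account user="svc-scan" password="QkFTRTY0LUxJS0U="/>
    <snmp><community>ZW5jb2RlZA==</community></snmp>
  </accounts>
  <columns><column name="Host name"/></columns>
</config>"""


def scrub(xml_text):
    """Return (sanitized_xml, findings) with secret-looking values blanked."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Attributes such as password="..." are emptied, not deleted,
        # so the file keeps its shape for the program that reads it.
        for attr in list(elem.attrib):
            if SECRET_NAME.search(attr) and elem.attrib[attr]:
                elem.set(attr, "")
                findings.append(f"{elem.tag}@{attr}")
        # Elements whose own name looks secret get their text emptied.
        if SECRET_NAME.search(elem.tag) and (elem.text or "").strip():
            elem.text = ""
            findings.append(elem.tag)
    return ET.tostring(root, encoding="unicode"), findings


def is_safe_to_share(xml_text):
    """True when a scrub pass finds nothing left to blank."""
    return not scrub(xml_text)[1]


if __name__ == "__main__":
    clean, removed = scrub(SAMPLE_CONFIG)
    print("blanked:", ", ".join(removed))
    print(clean)
```

Encoded values are treated exactly like clear-text ones here, since the recipient can recover either. Running `is_safe_to_share` on the output is a quick gate before the file leaves your machine.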
