Hi Karl,
While trying to troubleshoot fingscan not loading on my recently upgraded to Sonoma Mac Mini, I reviewed the plugin.log file fingscan creates and realized much to my dismay that my Mac password is entered many many times in cleartext right in the log, which is a pretty big security issue to me. I've disabled fingscan and would love to know if this is a known issue that is on a list for a rapid fix.
Thanks for this very helpful plugin!
-jonathan
Computer password is in cleartext in the plugin.log file
- JonathanKing offline
- Posts: 36
- Joined: Dec 29, 2015
Computer password is in cleartext in the plugin.log file
- kw123 offline
-
- Posts: 8366
- Joined: May 12, 2013
- Location: Dallas, TX
Re: Computer password is in cleartext in the plugin.log file
It is only shown when debug is on. If you switch it off the password is not shown
Sent from my iPhone using Tapatalk
Sent from my iPhone using Tapatalk
- kw123 offline
-
- Posts: 8366
- Joined: May 12, 2013
- Location: Dallas, TX
Re: Computer password is in cleartext in the plugin.log file
there is now a new version 2022.38.95 that xxxxx es passwords printed to the log file
Karl
ps
if some external can read your log files on your home mac you have a real problem
and fingscan does NOT save the password in clear text in the prefs file
Karl
ps
if some external can read your log files on your home mac you have a real problem
and fingscan does NOT save the password in clear text in the prefs file
- JonathanKing offline
- Posts: 36
- Joined: Dec 29, 2015
Re: Computer password is in cleartext in the plugin.log file
Thank you Karl, I really appreciate your quick tweak to the code!
-Jonathan
-Jonathan
Who is online
Users browsing this forum: No registered users and 8 guests