Angelika Tyborska on Nostr: npub1dc2vm…cddsu the SecureGo Plus app by Atruvia AG that you integrate with has a ...
npub1dc2vm0k7xsz8ec8yg47rmky2w4sg7sypds6tnypen3jqj3e6v07qncddsu (npub1dc2…ddsu) the SecureGo Plus app by Atruvia AG that you integrate with has a new security vulnerability. The passphrase input is no longer a password input, but a regular text input, and the system keyboard does autocomplete on it, reveling the password (see photo: you can guess which letters I typed by the suggestions). This also leads to the passphrase being remembered in the user's dictionary as a frequently used word. I hope you have a way to put some pressure on Atruvia AG to fix it.
Published at
2024-03-08 14:15:11Event JSON
{
"id": "1b5df1c670db316dda841bf8941c716854bf99b41f3c720f5ae6631d9e97ee4e",
"pubkey": "54983cf0c7a54bf2e58720c2edbafb9fa77569d0e248be6dfc67c57d186bc1cd",
"created_at": 1709907311,
"kind": 1,
"tags": [
[
"p",
"6e14cdbede34047ce0e4457c3dd88a75608f40816c34b990399c6409473a63fc",
"wss://relay.mostr.pub"
],
[
"p",
"12c7b921f6e6a998cb052be21720b102f6dad425938dfcb6ca1c918ea4f7c784",
"wss://relay.mostr.pub"
],
[
"proxy",
"https://mas.to/users/angelikatyborska/statuses/112060485538340267",
"activitypub"
]
],
"content": "nostr:npub1dc2vm0k7xsz8ec8yg47rmky2w4sg7sypds6tnypen3jqj3e6v07qncddsu the SecureGo Plus app by Atruvia AG that you integrate with has a new security vulnerability. The passphrase input is no longer a password input, but a regular text input, and the system keyboard does autocomplete on it, reveling the password (see photo: you can guess which letters I typed by the suggestions). This also leads to the passphrase being remembered in the user's dictionary as a frequently used word. I hope you have a way to put some pressure on Atruvia AG to fix it.\n\nhttps://media.mas.to/media_attachments/files/112/060/451/067/253/402/original/c4691f0a758849f7.jpg",
"sig": "cc93c863535fd673219c374ded837ad228df46970b059b74c1c57d46b7c57aef9977fed2feae34fc062d2a2fa278de42176aadc8c52de1845cce57440e42ef1e"
}
