Encrypted pages are cached unencrypted

Edit

Hawfinch

16 Feb, 2019 12:00 AM

I just noticed that the pages of my encrypted VoodooPad document also exist as unencrypted copies with the file type .vpspotlight in Library/Caches/Metadata/VoodooPad

As the cached pages are indexed by Spotlight a Finder search for "bank" (for example) will locate the cached unencrypted copy of the VoodooPad page with my bank details which can then be opened and read in TextEdit.

I'm running VoodooPad 5.3.0 on a MacBook Pro (Retina 13", early 2015) with OS 10.14.3

1 Posted by Marcus on 28 Mar, 2019 01:32 PM

Jesus---this is a major security hole!!

Primate Labs, are you going to release a fix for this anytime soon???

Can you tell us when we can expect the fix to be available?
- Edit
Support Staff 2 Posted by John on 04 Apr, 2019 03:38 AM

We've looked into this issue and are unable to reproduce it on our systems. The VoodooPad Spotlight plugin should not be able to read encrypted documents as it executes in a separate process.

Hawfinch, was the document always encrypted? Do you recall what versions of VoodooPad have opened that document on your Mac? Do you store the document password in your keychain?
- Edit
3 Posted by Hawfinch on 04 Apr, 2019 03:18 PM

Hi John,

The document has always been encrypted since I started using it (about 2 years ago) on this MacBook. I've always kept VoodooPad up to date, so all previous versions going back 2 years would have opened it on this Mac. Before that, I was using the document on another Mac going back to 2012.

The password is not in Keychain or anywhere else on my Mac.

Some further info. I store the document in my Dropbox folder for syncing. Today I created a new page in the encrypted document, and within seconds the page appeared (unencrypted) as a .vpspotlight file in Username/Library/Caches/Metadata/VoodooPad

It looks very much like Spotlight is able to see and cache the contents of open tabs in VoodooPad.
- Edit
Support Staff 4 Posted by John on 07 Apr, 2019 04:23 AM

Thank you for the additional information. I'll continue to investigate, and I will let you know if I have any additional questions.
- Edit

Reply to this discussion

Internal reply

Name

Email

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

Remove

Attach File: You can attach files up to 10MB

Verify Human: If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

New Issue
Conversation Started

A conversation has been started with the Primate Labs staff to resolve this discussion.
Close the discussion Close the discussion

Private Permissions

This discussion is private. Only you and Primate Labs support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Comments Feed

Keyboard shortcuts

Generic

?	Show this help
ESC	Blurs the current field

Comment Form

r	Focus the comment reply box
^ + ↩	Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

	19 Jun, 2025 03:34 AM	NPU stress test by Geekbench AI Pro
	17 Jun, 2025 02:33 PM	Feature Request: Display Instruction Set Architecture (ISA) information for individual benchmark tests
	17 Jun, 2025 01:39 PM	GeekBench 4 Crashes in IOS 26 BETA
	17 Jun, 2025 09:33 AM	Accidentally removed result from my account
	16 Jun, 2025 09:50 PM	Bug Report

Recent Articles

	Geekbench AI Command Line Tool
	Geekbench AI Standalone Mode
	Geekbench 6 Command Line Tool
	Frequently Asked Questions
	Geekbench 6 Pro Standalone Mode

Primate Labs Support