or Create a profile

Home VoodooPad

Encrypted pages are cached unencrypted

Hawfinch's Avatar

Hawfinch

16 Feb, 2019 12:00 AM

I just noticed that the pages of my encrypted VoodooPad document also exist as unencrypted copies with the file type .vpspotlight in Library/Caches/Metadata/VoodooPad

As the cached pages are indexed by Spotlight a Finder search for "bank" (for example) will locate the cached unencrypted copy of the VoodooPad page with my bank details which can then be opened and read in TextEdit.

I'm running VoodooPad 5.3.0 on a MacBook Pro (Retina 13", early 2015) with OS 10.14.3

  1. 1 Posted by Marcus on 28 Mar, 2019 01:32 PM

    Marcus's Avatar

    Jesus---this is a major security hole!!

    Primate Labs, are you going to release a fix for this anytime soon???

    Can you tell us when we can expect the fix to be available?

  2. Support Staff 2 Posted by John on 04 Apr, 2019 03:38 AM

    John's Avatar

    We've looked into this issue and are unable to reproduce it on our systems. The VoodooPad Spotlight plugin should not be able to read encrypted documents as it executes in a separate process.

    Hawfinch, was the document always encrypted? Do you recall what versions of VoodooPad have opened that document on your Mac? Do you store the document password in your keychain?

  3. 3 Posted by Hawfinch on 04 Apr, 2019 03:18 PM

    Hawfinch's Avatar

    Hi John,

    The document has always been encrypted since I started using it (about 2 years ago) on this MacBook. I've always kept VoodooPad up to date, so all previous versions going back 2 years would have opened it on this Mac. Before that, I was using the document on another Mac going back to 2012.

    The password is not in Keychain or anywhere else on my Mac.

    Some further info. I store the document in my Dropbox folder for syncing. Today I created a new page in the encrypted document, and within seconds the page appeared (unencrypted) as a .vpspotlight file in Username/Library/Caches/Metadata/VoodooPad

    It looks very much like Spotlight is able to see and cache the contents of open tabs in VoodooPad.

  4. Support Staff 4 Posted by John on 07 Apr, 2019 04:23 AM

    John's Avatar

    Thank you for the additional information. I'll continue to investigate, and I will let you know if I have any additional questions.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

  • New Issue

  • Conversation Started

    A conversation has been started with the Primate Labs staff to resolve this discussion.

  • Close the discussion

Private Permissions

This discussion is private. Only you and Primate Labs support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

22 Nov, 2019 03:32 PM Incompatibility
22 Nov, 2019 11:13 AM Access to dataset
21 Nov, 2019 08:13 PM CPU Benchmark abort on MacBook Air with Geekbench 5
21 Nov, 2019 06:33 PM Galaxy 8 CPU high load unexplained
20 Nov, 2019 05:48 PM HTTPS Problems Everywhere?

Recent Articles

Frequently Asked Questions
Geekbench 4 Pro Command Line Tool
Geekbench 5 Pro Standalone Mode
Interpreting Geekbench 5 Scores
Installing Geekbench 5 on Linux