Jump to content


Photo

Suggestion: Hash saved login info (AirVPN.xml)

suggestion eddie password airvpn.xml hash

  • Please log in to reply
2 replies to this topic

#1 unit13

unit13

    Newbie

  • Members
  • Pip
  • 5 posts

Posted 18 April 2017 - 06:32 PM

Eddie client saves login and password information in AirVPN.xml as cleartext!

 

I am suggesting this information be hashed when saved, if possible.

 

<?xml version="1.0" encoding="utf-8"?>
<eddie>
  <options>
    <option name="login" value="your-saved-email-address@sample-email-address.com" />
    <option name="password" value="your-AirVPN-password-in-cleartext" />
    <option name="remember" value="True" />

...

 



#2 go558a83nk

go558a83nk

    Advanced Member

  • Members
  • PipPipPip
  • 1150 posts

Posted 18 April 2017 - 06:38 PM

Maybe I'm not thinking of every possible situation but if a malicious somebody has access to that xml file then it's already over for you - they've gained access to your machine. :)  My VPN username and password would be way down the list of worries. 



#3 Treiberschreiber

Treiberschreiber

    :() { :|: & }; :

  • Members
  • PipPipPip
  • 2297 posts
  • LocationGermany

Posted 23 April 2017 - 03:12 PM

Hi!

Referencing Windows version.
I just noticed: Why is the AirVPN password in the AirVPN.xml saved in plain text. Is there a chance to save it hashed, at least?


Regards, giga

 

Hello!

No, that's not planned at the moment. To save it encrypted in a safe way you should enter a master password (like you do with browsers) that is not stored anywhere, so it would be totally identical to as it is now when you don't keep "Remember" ticked. Different methods can be invented and made secure regardless of client program source code exposure but what would the point be...?

Kind regards
AirVPN Support Team


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs is the proper way to heaven.
Same issues are rare! Search for solutions and if not successful open your own threads.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

 






Similar Topics Collapse


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Users: 15132 - BW: 43195 Mbit/sYour IP: 54.81.83.207Guest Access.