EAuthenticator security release v0.1.1
By Nikolas Eller, Posted on Nov 30, 2018 - 08:52 UTC
This release v0.1.1 of EAuthenticator is a security update for EAuthenticator v0.1.0. It fixes a vulnerability with the in-memory protection. Due to this vulnerability, an attacker can read the content of the account data (including the account secrets) if the attacker can read the memory and the account data is changed while running EAuthenticator. This happens because the nonce in the stream cipher ChaCha20 was reused. The severity of this vulnerability is low because an attacker needs full control over your computer to read the memory of a process and apply a successful attack. Also, the encryption keys of the in-memory protection are stored in memory and if an attacker can read the memory, also these keys can be stolen. With these keys, an attacker can also decrypt the account secrets. Nevertheless, we recommend upgrading to EAuthenticator v0.1.1.
Download: EAuthenticator v0.1.1
If you want to get the newest information about EAuthenticator: Follow us on Twitter