Encrypted files left plain-text on the cache folder
Bug #1525038 reported by
Morsi Chaari
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
file-roller (Ubuntu) |
Confirmed
|
Low
|
Unassigned |
Bug Description
Used version: 3.10.2.1
OS: Ubuntu 14.04
Steps: Open an archive (7z format), double-click an encrypted file, type the password, the file is opened in LibreOffice Writer, the decrypted temporary file is located in the .cache folder, close LibreOffice Writer (with or without saving), close file-roller after confirming to update the file inside the archive. I figure out that the plain-text file is still present in the cache folder. LibreOffice Writer can even reopen it as "recent file" !
I believe it's a major security risk. Why file-roller doesn't remove the temporary plain-text file when closing?
information type: | Private Security → Public Security |
Changed in file-roller (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Low |
To post a comment you must log in.