roboform flaw

Discussion in 'other security issues & news' started by whippy, Apr 29, 2008.

Thread Status:
Not open for further replies.
  1. whippy

    whippy Registered Member

    Apr 29, 2008
    Hi There is a major security flaw in Roboform as it does not encyrpt your passwords in the default folder while in use ,that means if you are hacked it is easy read , I personally was shocked to note this when told by another user …so I strongly recommend you dont use it for important passwords eg bank accounts ….after emailing roboform the agree that is the way it is and until they fix it I wouldnt use it again . I was a great beleiver in it until I was shown this flaw
    I personally assumed that roboform encrpted the default folder where it stores the passwords in , but it doesnt according to Roboform support unless you log out of roboform .
    Now nowhere does it explain this in the installation notes . I have never bothered logging out of roboform to me this is a major security flaw if you have important passwords say bank accounts stored in it .
  2. sukarof

    sukarof Registered Member

    Jun 22, 2004
    Stockholm Sweden
    Thanks for the info.
    I only use the firefox extension but I guess I am logged in as long as the firefox session is open (and if I have entered the master password once)
    Personally I dont worry much about being hacked, I have other layers, but I agree that a software that claims to secure the users passwords should not have this security hole. I hope Roboform does the right thing soon.
Thread Status:
Not open for further replies.