Your best friend for file transfer.

Fetch application logoFetch

Fetch 5.1 storing passwords insecurely (4 posts)

  • Started 8 years ago by chrishart1
  • Latest reply 8 years ago from Scott McGuire
  • chrishart1 Member

    I was using 5.0.4 and just upgraded to 5.1.

    I have found that 5.1 is storing my passwords in the list of recently used FTP servers. As soon as I select one of these server addresses, the password field automatically fills in with the password (concealed by bullets).

    I do not have the "add to keychain" option enabled. To my understanding, an app shouldn't be storing a password unless you tell it to do so. I don't believe I have told 5.1 to do so (and I see no control for this in the prefs).

    I do not want my FTP account passwords stored on the computer and would like to find out about a resolution.

    Thanks.

    Posted 8 years ago #

  • Scott McGuire Administrator

    Hi,

    Thank you for bringing this to our attention. It looks like Fetch is temporarily storing the passwords only while it is running; if you quit Fetch and re-run it, and then choose a recent connection, the password will not be filled in automatically. Could you please confirm if that matches what you're seeing?

    This means the password is not being stored on the computer permanently, only while Fetch is running.

    Nevertheless, I understand that this is not desirable and we will look into fixing it. In the meantime, you can re-download Fetch 5.0.5 from http://www.fetchsoftworks.com/downloads.html and use it until we release an update.

    Please let us know if you have more questions, and thanks again for the report.

    Scott McGuire
    Fetch Software

    Posted 8 years ago #

  • chrishart1 Member

    Yes, you're right. I see that the password only remains when the app stays open. But it does clear out after restarting Fetch. I tend to leave all my frequently-used apps open all the time, so that's why this retention of the password is of concern for me. I do secure my machine with the password-protected screen saver when I leave my desk. But I would feel better about the information not being retained. Thank you for your time and effort.

    Posted 8 years ago #

  • Scott McGuire Administrator

    Hi,

    Thanks for the confirmation and followup.

    Yes, we understand that you may leave Fetch running for some time, and so it shouldn't be remembering passwords like that. As I mentioned, you can revert to 5.0.5 for now, and we apologize for the inconvenience.

    Thanks,

    Scott McGuire
    Fetch Softworks

    Posted 8 years ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.