My password manager now all passwords are gone, so makes sense. On Wed, Aug 14, 2024, 9:50 PM Selva Nair <selva.n...@gmail.com> wrote:
> > > On Wed, Aug 14, 2024 at 2:52 AM Gert Doering <g...@greenie.muc.de> wrote: > >> Hi, >> >> On Tue, Aug 13, 2024 at 08:14:23PM -0400, Selva Nair wrote: >> > Nonetheless, on Windows, we could easily add CryptProtectMemory() with >> > SAME_PROCESS access for good measure, especially for those who cannot >> use >> > "--auth-nocache". That will also add some protection to proxy passwords >> > which are always cached for some reason. >> >> Would you be willing to send something? >> > > Will try. Doesn't look as easy as I first thought, but still doable. > > >> >> (proxy auth caching has been reworked in commit 3cfd6f961d5c92bec2, and >> Frank / Gianmarco claim it is behaving better now - that is, caching if >> allowed, and not caching if --auth-nocache is in effect. I have not >> tested all possible variants myself) >> > > As far as I can see, the long-term storage buffer (one that persists > password > across restarts) is cleared if nocache is in effect. A local copy is still > retained for a > long while in establish_proxy_pass_through() as p->up and never properly > cleared. > Also there are some buffers into which password is copied into for auth, > and not > wiped clean after use. > > Not hard to fix, but I do not have a proxy setup to test. > > Selva > _______________________________________________ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users >
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
