[ZendTo] ANNOUNCE: Version 5.10-1 "production" released

[Bryan Jones]

I've identified a potential issue with the new file encryption function of 5.10-1.

It is possible to deliver an encrypted file with a blank passphrase, that cannot be decrypted and downloaded by the recipient:

Upon checking to box to "Encrypt every file", you're presented the dialog to provide a passphrase.  It is possible to exit that box without supplying a passphrase.  However the "Encrypt every file" option is still selected.
At that point, you can upload files, and deliver them, and they are encrypted.
Upon notification to the recipient, they see the file delivery, but upon attempting to download, they're prompted for a passphrase.  However, no passphrase was originally supplied, and it is not possible to submit a blank passphrase.
The files are therefore not retrievable.

If the person dropping off the files exits the passphrase dialog box without supplying a passphrase, the "Encypt every file" selection should probably be reverted.

This is an installation of 5.03-1 that was upgraded.

--
Bryan Jones

P.S. Love the tool... taking to my executive board of my non-profit on Monday for approval to deploy. We will be donating if this is accepted.

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://jul.es/pipermail/zendto/attachments/20180701/c014eb1d/attachment.html>