Menu

#2481 Encrypted contents kept in the clear

None
open-rejected
nobody
Security (1)
9
2024-07-08
2024-06-05
Eric Brown
No

If you encrypt a file with 7zip, it keeps a clear text copy in the temp folder under your user profile and it keeps adding another clear text file each time you unencrypt the file. So if you use 7zip to encrypt sensitive data, the sensitive data is left unencrypted on the machine. Very bad! Please fix.

Discussion

  • Igor Pavlov

    Igor Pavlov - 2024-06-05

    Please describe all steps to reproduce that case.

     

  • Eric Brown

    Eric Brown - 2024-07-08

    Here’s the process and result:

    Open 7zip and find the file you want to encrypt and highlight it.

    Click the Add button

    Enter a password and select the encryption method

    Icon created (or you can just open 7zip, find the file, and open the file that way)

    Double click the file and enter the required password.

    File opens and the clear text file is added to the following location:
    C:\Users\username\AppData\Local\Temp

    The folder in the Temp directory will start with 7z and a new folder will be created each time you open the file.

    The contents are unencrypted and in the clear

     

  • Igor Pavlov

    Igor Pavlov - 2024-07-08

    7-zip can't send .txt file from archive to notepad.
    So 7-zip creates temp folder, extracts .txt file to temp folder and then calls notepad.
    When you close notepad, 7-zip deletes temp folder.

     

  • Igor Pavlov

    Igor Pavlov - 2024-07-08
    • private: Yes --> No
    • Group: -->
     

  • Igor Pavlov

    Igor Pavlov - 2024-07-08
    • status: open --> open-rejected
     

Log in to post a comment.