Rather large security hole in Touchdown?

  magnavita

    magnavita New Member

    I think I stumbled upon a rather large security hole in Touchdown and its pin entry.

    I have a myTouch with the latest apps and patches on it. Nothing fancy, not rooted.

    If, when you get to the pin entry dialog in Touchdown, you simply switch to the phone app, then use the Back button (or Home, then Back...haven't done extensive testing), you're presented your Touchdown home - no pin entry blocking you, even after a fresh powerup.

    Is this sort of a known hack around these pin-style apps? Or is this a problem with the way Touchdown's pin entry works?

    Either way, a note to the developers is probably warranted? These days, IT depts are getting more and more secure-conscious with powerful phones like this, and may be upset to know that emails and contacts are as insecure as this. It was suggested by my IT dept that I purchase Touchdown a few months ago, and it works great, but this makes me worry.

  Rongo

    Rongo New Member

    can this be reproed over and over?

    We've tried this on a couple devices and haven't been able to make this happen.

    this is a stock ROM, not rooted device, correct?

    Would you please send a mail to support@nitrodesk.com so our support folks can walk you through generating a diagnostics log so that we can see what's happening on your device.


  stevenlong

    stevenlong Well-Known Member

    I can't get this to happen on my dell streak.

    I have noticed that the pin is cached, or there is some time out value associated with when you enter the pin so that if I return to touchdown with a short period of time I will not get the prompt for a pin.
  Rongo

    Rongo New Member

    right....that's a "time-out" setting that's pushed form Exchange. they admin can say that it will only require the PIN if it's been more than 2 minutes since the data was last accessed, etc.

    if anyone else can test the above scenario and report back, please do and let me know what type of device and what version of Android.

  AngryHatter

    AngryHatter Well-Known Member

    The post is 2 years old?
  Yeahha

    Yeahha Usually off topic VIP Member

    We know the devs over at touchdown are on top of their game scouring forums feedback on their app
  Rongo

    Rongo New Member

    yes, it is old, but we had another user report the issue today and referenced this article.

    It's been fixed long ago but we just want to be sure. too many folks are relying on TouchDown to leave anything to chance.

