This project has moved. For the latest updates, please go here.

[Security risk] Veracrypt remembering last opened location

Topics: Feature Requests, Technical Issues, Users Discussion
Jan 24 at 1:42 AM
Even though I have "Never save history" enabled (and it works properly in the sense that the file path doesn't show up in the drop-down window), but when I click on "Select File...", Veracrypt remembers where I last opened my .tc file and points directly in that folder. Is this not a security risk? Why doesn't it default to the user's root directory instead (or at least allows for this option)?
Jan 28 at 12:50 PM
What version of Windows OS and VeraCrypt are you running?

What folder is VeraCrypt opening? Is it the user's Documents folder?
Jan 31 at 9:14 PM
Does that "memory" survive a reboot?

I have noticed that in Win7 if I dismount a container and then remount it again later without rebooting, it will remember what drive letter I last used. This may be related. However, once I reboot it no longer remembers.
Feb 2 at 11:11 PM
I noticed that this happens on the Mac OS... fix it guys.
Developer
Feb 3 at 5:48 AM
Probably this is Fast startup aka Hybrid boot and shutdown
https://veracrypt.codeplex.com/wikipage?title=Issues%20and%20Limitations
Feb 27 at 9:18 AM
Enigma2Illusion wrote:
What version of Windows OS and VeraCrypt are you running?

What folder is VeraCrypt opening? Is it the user's Documents folder?
Sorry I didn't realize there are responses; I checked the option to be notified by email when someone replies but never gotten any emails.

Anyway I'm on Mac OSX 10.11.6, and on Veracrypt 1.19.

Veracrypt is opening whatever folder I last opened a veracrypt volume, which in this case was a folder within my Dropbox folder (and which resides within my user's default directory)
Feb 27 at 9:21 AM
fredmau wrote:
Does that "memory" survive a reboot?

I have noticed that in Win7 if I dismount a container and then remount it again later without rebooting, it will remember what drive letter I last used. This may be related. However, once I reboot it no longer remembers.
Haven't tried after a reboot, but even if it works properly after a reboot, shouldn't it work WITHOUT a reboot? It feels like a pretty major security risk if someone can simply find out where my encrypted volume files reside by clicking on the "select file" button before I have a chance to reboot.
Feb 27 at 9:22 AM
kavsrf wrote:
Probably this is Fast startup aka Hybrid boot and shutdown
https://veracrypt.codeplex.com/wikipage?title=Issues%20and%20Limitations
I'm not on Windows -- using Mac OSX 10.11.6, Veracrypt 1.19.