Padloc is a secure, encrypted password management system.
This report documents the findings of a penetration test and source code audit carried out by the Cure53 team against the Padlock.io password manager application.
The test’s scope encompassed the app’s Chrome extension, mobile applications and the server API. Since the tasks were guided by the white-box approach, the Cure53 testers had access to application sources. Github was used for sharing sources, as well as functioned as a tool for facilitating communication exchanges between the Padlock’s development team and the Cure53 testers. Throughout the test, dialogue with the application maintainers was professional and
productive, evidencing a commitment to improving the state of security at the Padlock.io.
The full audit and summary of findings can be found below.