Security issue with creation of self-decrypting archive
I have a security issue with the creation of a self-decrypting archive.
When the self-decrypting archive (an exe file) is created, all included files are copied to a temporary folder, which is defined in the Windows User Variables, e.g. TMP=%USERPROFILE%\Local Settings\Temp, and the folder could for example be named PGP3D.
The files included in the archive that have the Read-Only attribute will not be deleted after the archive has been created, and therefore still remain in the TEMP folder.
This is of course a security issue!
This has been tested on PGP Desktop version 10.1.1 and also on the latest PGP Desktop version, 10.1.2.
Also, are the files simply deleted from the TEMP folder or are they wiped?
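
One way to audit a temp folder for the read-only leftovers described in the post above, as an added example that is not part of the original post and not PGP Desktop code. The PGP3D folder name comes from the post's own example; the file names and contents are constructed, and the cleanup is a plain delete, not a wipe.

```python
import os
import stat
import tempfile


def find_readonly_leftovers(root):
    """Return sorted paths of files under root that carry the read-only attribute."""
    leftovers = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # On Windows the Read-Only attribute shows up as a missing write bit.
            if not os.stat(path).st_mode & stat.S_IWRITE:
                leftovers.append(path)
    return sorted(leftovers)


def remove_leftovers(paths):
    """Clear the read-only attribute, then delete (plain deletion, not a wipe)."""
    removed = []
    for path in paths:
        os.chmod(path, stat.S_IWRITE | stat.S_IREAD)
        os.remove(path)
        removed.append(path)
    return removed


def demo():
    """Build a constructed staging folder, audit it, clean it, audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        staging = os.path.join(tmp, "PGP3D")  # folder name from the post's example
        os.makedirs(staging)
        # Constructed sample files: one read-only, one writable.
        for name, read_only in (("plan.txt", True), ("notes.txt", False)):
            path = os.path.join(staging, name)
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
            if read_only:
                os.chmod(path, stat.S_IREAD)
        found = find_readonly_leftovers(tmp)
        removed = remove_leftovers(found)
        remaining = find_readonly_leftovers(tmp)
        return [os.path.basename(p) for p in found], len(removed), remaining


if __name__ == "__main__":
    print(demo())
```

To audit a real profile, call `find_readonly_leftovers(os.environ["TMP"])` and review the list before passing it to `remove_leftovers`.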