Modification of the passwortd.txt is allowed, making the decrypted password different from the original password, making the user unable to login.
Perhaps there should not be permissions for user to edit password.txt
Steps to Reproduce
add your own data
Quit the app
delete or add some text in password.txt
Launch the app
user is unable to login with correct password
Reasoning for Severity
Although encrypting it offers confidentiality, it does not guarantee other aspects. Users may still accidentally change the password.txt and this is not mentioned in the UG. Users will get blocked out of their data forever if they happen to trigger this bug.
Summary
Modification of the passwortd.txt is allowed, making the decrypted password different from the original password, making the user unable to login.
Perhaps there should not be permissions for user to edit password.txt
Steps to Reproduce
Reasoning for Severity
Although encrypting it offers confidentiality, it does not guarantee other aspects. Users may still accidentally change the password.txt and this is not mentioned in the UG. Users will get blocked out of their data forever if they happen to trigger this bug.