When editing a login, the master password is queried at every request to protect unauthorized edits to the login information. However when deleting the logins, the master password is not queried, which gives an unauthorized user the ability to sabotage my saved logins.
In my opinion, this is a gap in the manager’s defenses. There is no point in querying the master password when editing a login if at the same time it is not queried when deleting a login. Either query in both instances or don’t query in either. What do you guys think?