Closed
Bug 1232227
Opened 8 years ago
Closed 4 years ago
oauth token for gmail incorrectly saved when "Use password manager to remember" box is unchecked
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: x.xeroid, Unassigned)
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36

Steps to reproduce:
Using LXLE 14.04.3. Set up GMail account in new install of Thunderbird. Entered email and password, leaving the save password box unchecked.

Actual results:
Thunderbird still remembers the password.

Expected results:
I should have been prompted for a password. This is a security issue with laptops.
Comment 1•7 years ago
Kenneth, I could not reproduce with a non-gmail account. Does it happen for you with a non-gmail account? If only gmail, what auth process did you use? oauth? app password?
Flags: needinfo?(x.xeroid)
Whiteboard: [closeme 2016-12-15]
Wayne, I cannot reproduce this with a non-gmail account either. I used the default settings Thunderbird creates, oauth2, etc. I'm not signing in with app password. Even though I don't have the laptop using LXLE 14.04.3, I am using Thunderbird under Xubuntu 16.04 on a new one. Keyring is disabled.
Updated•7 years ago
Blocks: 849540
Component: Untriaged → Security
Summary: Password remembered with unchecked box → Password for gmail incorrectly saved when "Use password manager to remember" box is unchecked
Updated•7 years ago
Flags: needinfo?(x.xeroid)
Whiteboard: [closeme 2016-12-15]
Comment 4•4 years ago
Is saving the oauth token the desired default behavior regardless of the checkbox?
If so, then invalid?
Flags: needinfo?(mkmelin+mozilla)
Summary: Password for gmail incorrectly saved when "Use password manager to remember" box is unchecked → oauth token for gmail incorrectly saved when "Use password manager to remember" box is unchecked
Comment 5•4 years ago
I'd say this is how it should be working. The account setup is a bit of a special case, but given how things work for any other later cases, you simply never get the option of saving or not when it comes to OAuth.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Flags: needinfo?(mkmelin+mozilla)
Resolution: --- → WONTFIX