Closed Bug 501297 Opened 15 years ago Closed 15 years ago

Show password option is a security laps

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 259996

People

(Reporter: wajahat, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Build Identifier: Mozilla Thunderbird version 2.0.0.22 (20090605)

Saved passwords can be disclosed by a few clicks. For corporate users this seems to be a major security laps as anyone having a little understanding can access emails of other people. For e.g. Junior IT support staff can retrieve and login to Senior management email accounts.

Although it can be avoided by setting a master password which is not disclosed but why set a password to protect passwords? The master password keeps prompting several time and causes irritation.

Reproducible: Always

Steps to Reproduce:
1.Navigate to Tools > Options > Privacy > Passwords
2.Click on Edit Saved Passwords.
3.A list of accounts saved by password manager will be displayed.
4.Click on Show Password and all passwords will be disclosed.
Component: Security → Password Manager
Product: Thunderbird → Toolkit
QA Contact: thunderbird → password.manager
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.