[Lock Screen]If you press power key twice, the time waiting for next round of retry will be reset.

RESOLVED WORKSFORME

Status

RESOLVED WORKSFORME
4 years ago
3 years ago

People

(Reporter: yi.zou, Unassigned, NeedInfo)

Tracking

unspecified
ARM
Gonk (Firefox OS)

Firefox Tracking Flags

(b2g-v2.2 affected, b2g-master affected)

Details

(Whiteboard: [2.2-nexus-5-l])

Attachments

(2 attachments)

(Reporter)

Description

4 years ago
Created attachment 8597163 [details]
0445.MP4

[1.Description]:
[Nexus5 v2.2&v3.0][Flame v2.2&v3.0]If you press power key twice, the time waiting for next round of retry to input password will be reset.
Found time:04:45
Attachment:0445.MP4,logcat-0445.txt

[2.Testing Steps]: 
1. Set lock screen.
2. Press power key for twice.
3. Input wrong password at least 15 times.
** You must wait for a while and retry  after you input the wrong password many times.
4. Press power key for twice.

[3.Expected Result]: 
4. When you press power key for twice, the time waiting for next round of retry to input password will not be reset.

[4.Actual Result]: 
3. You don't need to wait and can retry inputting password if you press power key twice.



[5.Reproduction build]: 
N5 v2.2 build(Affected):
Build ID               20150423002502
Gaia Revision          b838d0e7c163e66660dcb6e387d8339944a7a30e
Gaia Date              2015-04-23 02:32:46
Gecko Revision         https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/8dce56574f28
Gecko Version          37.0
Device Name            hammerhead
Firmware(Release)      5.1
Firmware(Incremental)  eng.cltbld.20150423.035409
Firmware Date          Thu Apr 23 03:54:27 EDT 2015
Bootloader             HHZ12f

Nexus_5 3.0 build(Affected):
Build ID               20150423160207
Gaia Revision          0c5e2ee1173f3c53379ef3cd10de714836258fe8
Gaia Date              2015-04-23 16:10:10
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/22a157f7feb7
Gecko Version          40.0a1
Device Name            hammerhead
Firmware(Release)      5.1
Firmware(Incremental)  eng.cltbld.20150423.192918
Firmware Date          Thu Apr 23 19:29:36 EDT 2015
Bootloader             HHZ12f

FLame 2.2(Affected):
Build ID               20150423002502
Gaia Revision          b838d0e7c163e66660dcb6e387d8339944a7a30e
Gaia Date              2015-04-23 02:32:46
Gecko Revision         https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/8dce56574f28
Gecko Version          37.0
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.cltbld.20150423.035703
Firmware Date          Thu Apr 23 03:57:16 EDT 2015
Bootloader             L1TC000118D0

Flame 3.0(Affected):
Build ID               20150423160207
Gaia Revision          0c5e2ee1173f3c53379ef3cd10de714836258fe8
Gaia Date              2015-04-23 16:10:10
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/22a157f7feb7
Gecko Version          40.0a1
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.cltbld.20150423.193607
Firmware Date          Thu Apr 23 19:36:18 EDT 2015
Bootloader             L1TC000118D0


[6.Reproduction Frequency]: 
Always Recurrence,5/5

[7.TCID]: 
Free Test
(Reporter)

Comment 1

4 years ago
Created attachment 8597166 [details]
logcat-0445.txt
(Reporter)

Updated

4 years ago
status-b2g-v2.2: --- → affected
status-b2g-master: --- → affected
According to https://bugzilla.mozilla.org/show_bug.cgi?id=1090758#c3, if user input wrong pwd more and more times, the delay time will be doubled for every attempt. So, if user can reset the delay by locking&unlocking device, the design will be meaningless. 
In other words, if device is stolen, the non-owner can try to input possible pwd constantly using the bug. So, it is also a security problem.
FWD to system frontend.
Flags: needinfo?(hcheng)
After pressing power button twice, actually the timer is not reset if you press a wrong password again. However, I would agree that user should not be able to input password immediately after back from power button which leaves a backdoor for the timer design.

Maybe, we can grey out the keyboard until the time is up, but this UX design would be really bad.

NI developer and UX owner for more input.
Flags: needinfo?(pla)
Flags: needinfo?(hcheng)
Flags: needinfo?(arthur.chen)
Redirect to Greg who is working on lock screen.
Flags: needinfo?(arthur.chen) → needinfo?(gweng)
While I may fix this, I think this is a bug from very old version. So we may need to add regression window wanted to make sure if it's a regression. However, maybe because security bug is first priority, whether it's a regression isn't so important.
Flags: needinfo?(gweng)

Comment 7

4 years ago
When you enter the passcode incorrectly, the dots as well as input fields turn red.  Perhaps it can just reuse this state after the user presses the power button twice, and slides the unlock control to show the passcode screen again?

needinfo Rob for opinion.
Flags: needinfo?(pla) → needinfo?(rmacdonald)
(Reporter)

Comment 8

3 years ago
This bug can not be repro on latest Aries KK v2.5&master and Flame KK v2.2&2.5&master 512mb, so I close this bug, if anyone can repro it, please reopen again, thanks.

Occurrence rate: 0/10

Device: Aries KK v2.5(Pass) 
Build ID               20151208121136
Gaia Revision          2d54c29f429bed790b5d8284633812dc2b782518
Gaia Date              2015-12-02 14:41:15
Gecko Revision         http://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/ff31a251b2f6149edf4fc0a199133ef2e190ceac
Gecko Version          44.0a2
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151208.111803
Firmware Date          Tue Dec  8 11:18:12 UTC 2015
Bootloader             s1

Device: Aries KK master(Pass) 
Build ID               20151208222037
Gaia Revision          6b430ea7274af4c352de16b75e6bb85d7621ca83
Gaia Date              2015-12-08 06:31:07
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/a8965ae93c5d098a4f91ad9da72150bb43df07a7
Gecko Version          45.0a1
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151208.213715
Firmware Date          Tue Dec  8 21:37:23 UTC 2015
Bootloader             s1

Device: Flame KK v2.2 512mb(Pass)
Build ID               20151206032510
Gaia Revision          885647d92208fb67574ced44004ab2f29d23cb45
Gaia Date              2015-10-07 13:05:24
Gecko Revision         https://hg.mozilla.org/releases/mozilla-b2g37_v2_2/rev/4381c4b69b9c
Gecko Version          37.0
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.cltbld.20151206.064607
Firmware Date          Sun Dec  6 06:46:19 EST 2015
Firmware Version        V18D V4
Bootloader             L1TC000118D0

Device: Flame KK v2.5 512mb(Pass) 
Build ID               20151208120554
Gaia Revision          2d54c29f429bed790b5d8284633812dc2b782518
Gaia Date              2015-12-02 14:41:15
Gecko Revision         http://hg.mozilla.org/releases/mozilla-b2g44_v2_5/rev/ff31a251b2f6149edf4fc0a199133ef2e190ceac
Gecko Version          44.0a2
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151208.111719
Firmware Date          Tue Dec  8 11:17:29 UTC 2015
Firmware Version        V18D V4
Bootloader             L1TC000118D0
 
Device: Flame KK master 512mb(Pass)
Build ID               20151207150206
Gaia Revision          24ed003a53a81f63367e265fa7117cbe7d23d4c8
Gaia Date              2015-12-07 03:36:55
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/59bc3c7a83de7ffb611203912a7da6ad84535a5a
Gecko Version          45.0a1
Device Name            flame
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.cltbld.20151207.185638
Firmware Date          Mon Dec  7 18:56:50 EST 2015
Firmware Version        V18D V4
Bootloader             L1TC000118D0
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WORKSFORME
(Reporter)

Updated

3 years ago
QA Whiteboard: [MGSEI-Triage+]
You need to log in before you can comment on or make changes to this bug.