Closed Bug 119107 Opened 23 years ago Closed 23 years ago

Usernames and passwords not secure.

Categories

(SeaMonkey :: Passwords & Permissions, defect)

Product:
SeaMonkey
Component:
Passwords & Permissions
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: geeknik, Assigned: morse)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.7+) Gecko/20020109 BuildID: 2002010903 Close Mozilla if it is open. Go someplace that you have a username/password saved. When the master password prompt comes up, click cancel twice. Click on the login button. Up comes the master password prompt. Click cancel twice. Now it asks if you want Password Manager to remember this logon(even though it already remembers it). Click No. Now click on the login button. Lets you in. Completely bypasses the master password. What point is there in having a password? Reproducible: Always Steps to Reproduce: See Description. Actual Results: See Description. Expected Results: It should keep asking for the master password. If you don't supply the master password, then the username/password(or other stored info) isn't entered into the forms.
> Close Mozilla if it is open. Go someplace that you have a username/password > saved. How can I "go someplace" if I just closed the browser? > When the master password prompt comes up, ... So I presume that at some point you said that you want to have your data encrypted (otherwise you would never get this prompt). You forgot to mention that. I'm assuming that these are the set of steps that you meant to post: 1. Create fresh profile 2. Visit a site that requests a password 3. Enter the password 4. Answer yes when password manager asks if you want to save password 5. Encrypt saved passwords (tasks->privacy->password->encrypt) 6. Exit and restart browser (presumably to get rid of cookies and log out of master password) 7. Return to password site 8. Click cancel when asked for master password 9. Enter password for this site and press login 10. password manager asks if you want to save even though it is already saved << this is perfectly normal. Since you didn't give your master password, password manager can't read your saved passwords and doesn't know that this one is already saved >> 11. site lets you in even though you didn't give your master password << again perfectly normal. You did fill in your username/password on the form so that's why the site is letting you in. The fact that you didn't give your master password merely prohibits password manager from accessing your previously-saved passwords, but it doesn't prohibit you from visiting sites and giving the passwords manually.>> Therefore I don't see a problem. Closing this out as invalid. If my interpretation of your steps are incorrect and you believe that there is still a problem, then give the correct sequence of steps and reopen.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Agreed, marking verified
Status: RESOLVED → VERIFIED
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.