Closed Bug 1211424 Opened 9 years ago Closed 9 years ago

Master Password can be bypassed

Categories

(Thunderbird :: Untriaged, defect)

Product:
Thunderbird
Component:
Untriaged
Version:
40 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 318697

People

(Reporter: daimas, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Build ID: 20150917150946

Steps to reproduce:

I consider it a bug if the master password can be bypassed by hitting cancel 5 times.


Actual results:

Certainly can't send or receive emails, but prying eyes can certainly open filed or saved emails.


Expected results:

A master password should never be able to cancel out.
Even without hitting cancel, you can read downloaded emails. They're just stored in plain text on the hard drive. The master password is meant for unlocking your *account-specific* passwords, which are necessary for fetching or sending mail.

If you'd like to prevent other people from reading already-downloaded messages, you'll need to use another method, such as using OS-wide password protection, or if you're really paranoid, an encrypted disk.
same as bug 1060307/bug 318697
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.