Closed Bug 1262356 Opened 9 years ago Closed 8 years ago

User is able to retrieve his UserName/Password after deleting all the Clear Recent History table

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Version:
45 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 472226

People

(Reporter: dileep.kolekar, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 Build ID: 20160315153207 Steps to reproduce: 1.Open Firefox browser version 41 and above. 2.Perform browsing operations on for many sites 3.Also login to G mail account using valid username and password. 4.Click on any component(if req. Compose/delete or anything else) 5.Now click on Logout button to logout from the user. 6.Now clear all the history and cookies related info of the browser using Clear History button available in the browser's top up-right. 7.Make sure you select all the check boxes and click on delete all. 8.Close the browser after the said operations. Actual results: 1,Re-launch the same Firefox browser again (V41.x and above) 2.Navigate to g mail URL and observe. 3.User is able to retrieve his username and password without providing(as all were deleted previously using the Clear History button Web Element ) Expected results: 1.User should not be able to view his/her previous history, ie..login username/Password autosuggestion as all the data was cleared during the last browsing period.
Component: Untriaged → Form Manager
Product: Firefox → Toolkit
I just tried it on the latest master and this issue is reproducible. It seems like the history clean up won't reset the login profile currently. Hi Matt, is it an expected behavior that login profile is seperated from other historical data, or we should delete all the login profile no matter from history or login manager?
Flags: needinfo?(MattN+bmo)
a) We don't automatically save the password (with the username) so the STR are missing saving it b) We may save the username in form history but that should be cleared with the "Form and Search History" checkbox. c) It is intentional that we don't delete saved logins with Clear Recent History as it can be a big problem if accidentally deleted. See bug 472226.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Component: Form Manager → Password Manager
Flags: needinfo?(MattN+bmo)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.