Fx accounts are not blocked after several attempts to enter wrong passwords

VERIFIED FIXED

Status

Firefox
Firefox Accounts
VERIFIED FIXED
2 years ago
8 months ago

People

(Reporter: Petruta Rasa [Away. Please needinfo? bogdan.maris@softvision.ro], Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(firefox49 affected, firefox50 affected, firefox51 affected, firefox52 affected)

Details

[Affected versions]:
- Nightly 52.0a1, Aurora 51.0a2, 50 Beta 6

[Affected platforms]:
- Win 10 64-bit
- Mac OS X 10.11

[Steps to reproduce]:
1. Go to https://accounts.firefox.com/signup
2. Create a new account (I used a @mailinator.com email address)
3. Validate the account using the link from the email
4. Select Sign Out from the account's settings
5. On the Sign In page, repeatedly enter a wrong password

[Expected result]:
- "You've tried too many times. Try again in 15 minutes." should be displayed and the account should be blocked for that time period.

[Actual result]:
- The account is not blocked; "Incorrect password" is displayed no matter how many times the user enters a wrong password (Browser console: 19:46:06.979 Incorrect password 1 bdff29e6.main.js:17)

[Regression range]:
- This is not a Firefox regression, old versions are not affected so it could be server side.
I get blocked after a few attempts.
In a private issue (and without giving too many details) :jrgm pointed out that we have some special handling of QA-related accounts that likely explains this.  We'll see about removing them with our next deploy and it should resolve this.
ni?=myself to report back on the results of this
Flags: needinfo?(rfkelly)
I could reproduce this also with @gmail.com and @softvision.ro accounts.
Actually, I'm going to switch the ni? to :jrgm - John, could you please comment here when the config fix hits production, and Petruta can try again?
Flags: needinfo?(rfkelly) → needinfo?(jrgm)
FWIW, I can't reproduce this with a gmail address - after a few attempts I get "You've tried too many times. Try again in 15 minutes."
This change is in production, and the config entry removed. Marking Fixed. :petruta can you re-check your STR now?
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Flags: needinfo?(jrgm)
Resolution: --- → FIXED
This works fine now; @mailinator.com, @softvision.ro, @yahoo, and @gmail.com addresses are locked out.
Status: RESOLVED → VERIFIED

Updated

8 months ago
Product: Core → Firefox