1363637 - "Show Passwords" option should remove, It would be hack anyone's important accounts from all/any websites

Status: VERIFIED DUPLICATE of bug 259996

(Toolkit :: Password Manager, defect)

Description

[Vishnu]

Attachment: "Show Password" option shoud remove, Saved Passwords would be bank account details / business ID's / official accounts etc. & Its risky & not secure

Dear Sir,

1) Pls Select "Options" option from "Tools" ( Screenshot )
You will go on : about:preferences
2) Pls click on "Security" option from opened Preferences page ( Scr )
You will go on : about:preferences#security
3) Pls click on "Saved Logins" from that "Security" page ( Scr )
Saved logins box will open
4) Pls click on "Show Passwords" option from that opened "Saved Logins" box ( Scr )
Confirmation box will open 
5) Pls click on "Yes" option from opened Confirmation box ( Scr )

NOTE : 
* As you can see all saved passwords will visible now , Anyone can see saved passwords from someone's Com/PC & It's not good, It would be bank account details / business ID's /  official accounts / or any other  personal important things from all/any Websites.
* May be this "show password" option is not available in Chrome Browser Bcoz Passwords are private & personal, It shouldn't public
* For example - Even if you loss your com/pc or if someone stole it then other person can see your all saves passwords via this "Show Passwords" option 
* It's risky, dangerous & not secure, "Show Passwords" option should remove

OS : Windows 8.1 ( Firefox - 53.0.2 (32-bit) )

Pls refer the Attached Screenshots :

Thx & Regards,
Vishnu

Comment 1

[Daniel Veditz [:dveditz]]

If you set a Master Password then people won't be able to use the Show Password button without entering the password. If you don't have a master password then the passwords are not encrypted in the local file and someone could just copy that file and read it later. Yes, that's slightly more work than clicking a button, but if you leave your computer unlocked around people you apparently don't trust then the untrustworthy person could do either quite easily when you were out of the room.

Comment 2

[Daniel Veditz [:dveditz]]

This is an old request (2004!): bug 259996

We've also gotten the opposite request: show the passwords all the time without having to press the button: bug 399730

Comment 3

[jython.scripts]

16 years ago they were discussing how showing plain text passwords is bad. Now this password manager collects them all into one neat little group so it is very easy to obtain ALL passwords for ALL webpages on ANY unattended pc.

When I showed this exploit to my coworkers and IT dept. they freaked out saying that even their grandmas would be capable of launching this attack and obtaining a lot of critical information (passwords) in a very short time without any expert technical knowledge of the system.

It made me think how corporate unfriendly Firefox is because it "locks the door" but forgets to remove the key, and makes it super easy to gain access to

And I know a master pass is there, but that has so many drawbacks it is practically useless. I am a network technician with a snappy brain, I remember my PWs all day long. I don't want a browser that forces me to use grandma tools that sacrifice my (company's) security without giving options to disable it.

16 years ago this feature should have been allowed to be disabled by prefs. And 16 years later this feature should still been allowed to be disabled by prefs, or removed would be even better. Why no one has ever sued because they were breached by this obvious open vulnerability is beyond me...

Please fix this 16 year old bug so firefox will be much safer in both practice and in theory.

Comment 4

[Matthew N. [:MattN]]

(In reply to jython.scripts from comment #3)

16 years ago they were discussing how showing plain text passwords is bad. Now this password manager collects them all into one neat little group so it is very easy to obtain ALL passwords for ALL webpages on ANY unattended pc.

This hasn't changed in the last 10+ years btw. All we did was change the UI and add more entry points but the function to reveal saved passwords was there.

It made me think how corporate unfriendly Firefox is because it "locks the door" but forgets to remove the key, and makes it super easy to gain access to

How are we "corporate unfriendly" when we provide an enterprise policy to disable this feature? :P

And I know a master pass is there, but that has so many drawbacks it is practically useless. I am a network technician with a snappy brain, I remember my PWs all day long. I don't want a browser that forces me to use grandma tools that sacrifice my (company's) security without giving options to disable it.

We do provide an option to disable it… see above.

16 years ago this feature should have been allowed to be disabled by prefs. And 16 years later this feature should still been allowed to be disabled by prefs, or removed would be even better. Why no one has ever sued because they were breached by this obvious open vulnerability is beyond me...

Have you thought about how trivial it would be for someone to change the pref back? That's not a solution.

Please fix this 16 year old bug so firefox will be much safer in both practice and in theory.

Please use the DisablePasswordReveal enterprise policy if you want to disable this feature.

Comment 5

[jython.scripts]

Hi Matthew, maybe you are right. I was not aware of DisablePasswordReveal policy, I will look at using that for now. I only said it was corporate unfriendly because of the reactions I was seeing when I show my bosses their own passwords and they flipped - maybe it was their fault, who knows but no one ever told them about it.

"""Have you thought about how trivial it would be for someone to change the pref back? That's not a solution."""
Yes I have actually, but after discussions I think it dawned on me the proper implementation for toggleable behavior while also secure.

1. If user disables this pref then Firefox will not show plain text passwords to anyone, ever, including grandma or evil sister.
2. Now user can use autofill unimpeded, password manager, it is now impossible for people use password manager to reveal them.
3. Now (the important bit) if the user wants to re-enable the password manager preference - Firefox states "I will first have to erase all stored passwords before this feature can be enable. Would you like to continue?"

So the password manager could be easily toggled for anyone who actually want's to use it. I personally would not and I think having an organized list of plain text user credentials anywhere makes it tempting for stealing them. I am not sure why anyone would use a password manager unless they are forgetful and too lazy to just go and reset their PWs if they forgot them.

I honestly don't wish to be burdened by DisablePasswordReveal this or MasterPass that, I would be happy if firefox let me just rip that manager out and continue on my way.. But whatever you guys think is best, and after 10+ years of status "won't fix" says it all...