Bug 137197 (Closed)
Opened 23 years ago
Closed 14 years ago
Reset Master Password doesn't clear the saved passwords (for mail, web, etc.)
Categories: Core Graveyard :: Security: UI, defect
Tracking: Not tracked
Status: RESOLVED DUPLICATE of bug 398886
Target Milestone: Future
People: Reporter: esther, Unassigned
Details: Keywords: regression, Whiteboard: [kerh-ehz]
Reset Master Password doesn't clear the saved passwords for mail. The steps
below are how this was found; not sure if it has to be in this sequence or if all
the steps are needed. It may fail with just 1 & 5.
1. Launch app
2. Log into mail and save password, exit app
3. Launch app, log into mail and encrypt password. Exit app
4. Launch app, log into mail, give master password and then select obscure
password in Tools|Password Manager|Obscure Password. Exit app
5. Launch app, reset master password and log into mail. Or exit, relaunch and log
into mail; makes no difference.
Result: no password needed.
Expected: should have asked for password since I reset Master password which
states "If you reset your master password, you will permanently erase all the
web passwords, email passwords, and form data saved on your behalf by Password
Manager and Form Manager."
Note: using branch build 20040412 on WinXP and 20020411 on Linux.
OS: Linux → All
Comment 4•23 years ago
My guess is that the message is correct in that all passwords "saved on your
behalf by PASSWORD MANAGER" have been forgotten. But probably there is some
local caching of mail password done by mailnews and that one is not being
forgotten.
In that case it's a mail/news issue.
Assignee: morse → racham
Component: Password Manager → Account Manager
Product: Browser → MailNews
QA Contact: tpreston → nbaca
Comment 5•23 years ago
Any passwords are saved.
1.) Visit https://pki.mcom.com/testplans/sdr.html
2.) Enter passwords and submit.
3.) Reset master password.
4.) Manage stored passwords.
Notice that the stored passwords are still there.
Comment 6•23 years ago
In that case it is a password-manager problem. Reassigning back to myself.
Could you please post a detailed step-by-step procedure starting from a fresh
profile for reproducing this problem using the sdr.html site. Thanks.
Assignee: racham → morse
Component: Account Manager → Password Manager
Product: MailNews → Browser
QA Contact: nbaca → tpreston
Comment 7•23 years ago
1.) Visit https://pki.mcom.com/testplans/sdr.html
2.) Enter username and password in the upper 2 boxes and submit. Say yes to save
your info.
3.) Edit>Prefs>Privacy>Master Passwords>Reset master password.
4.) Edit>Prefs>Privacy>Passwords>Manage stored passwords.
Notice that the stored passwords are still there, though there should be no
stored passwords.
Comment 8•23 years ago
Oh, so you are not encrypting your passwords. In that case there is no need
for mozilla to throw away all the collected password-manager and form-manager
data, so it is not thrown away. It never was thrown away in that circumstance,
so this could not possibly be a regression (removing regression keyword).
The only purpose of the clear-master-password command is for the user who has
forgotten his master password. If his data is encrypted, he can never get to it
again, and we must throw it away. But if it is only obscured, we don't have to
be so harsh on him -- his data is still available even though his master
password is forgotten.
So the only problem that I see here is the wording on the dialog which currently
says:
If you reset your master password, you will permanently erase all the
web passwords, email passwords, and form data saved on your behalf by
Password Manager and Form Manager.
The correction is to add the word "encrypted" so that it reads as follows:
If you reset your master password, you will permanently erase all the
encrypted web passwords, email passwords, and form data saved on your
behalf by Password Manager and Form Manager.
Or, better yet, if the data is not encrypted we shouldn't even display the above
dialog.
Keywords: regression
Comment 9•23 years ago
Based on my comment above, I would not consider this to be nsbeta1
Updated•23 years ago
Target Milestone: --- → mozilla1.1alpha
Comment 10•23 years ago
Removing nsbeta1 keyword. Assigning to cotter for wording change based on
comment #8.
Assignee: morse → cotter
Keywords: nsbeta1
Comment 11•23 years ago
The text quoted by Steve in comment #8 appears in a couple of places in the
related help text. This is easy to fix, and I will do so.
The text in the dialog itself should probably also be changed. This involves
changing the word "stored" to "encrypted" in two places:
In the Master Passwords panel under Reset Password--new text should read:
If you reset your master password, all your encrypted Web and email passwords
. . .
In the Reset Master Password dialog--new text should read:
If you reset your master password, all your encrypted Web and email passwords . . .
Note the additional change to uppercase "Web" in the former--I think there's a
bug about this somewhere, might as well fix it too.
Steve, can you create patches for these dialog changes, at your convenience? I
can steer them through approval, post-beta.
Comment 12•23 years ago
So basically we have taken a feature away from the 6.2.2 users: "Clear Sensitive
Information", which cleared all saved passwords, obscure or encrypted, using a menu
item click. It is now replaced with "Reset Master Password", which clears
not only the master password but the Certificate for signing and encrypting
mail (as well as others). How will the 6.2.2 user know they have to go to the
Password Manager to remove the saved mail passwords? Is there a current spec for
this new UI? I could see a 6.2.2 user using Reset Master Password in place of
Clear Sensitive Information and losing their certificates as I did.
I had a certificate for signing and encrypting mail messages.
I logged into a mail account, saved the password and then selected to encrypt the
password; I was asked for my Master Password. I didn't remember giving a Master
Password, but since I had just added my cert I suspect it wants the password I
gave while importing it. I gave that password and I now have my mail passwords
covered under the same password I have for my Cert. I decided I didn't want my
mail passwords encrypted or saved, so I selected Reset Master Password and I lost
my Cert and had to import it again.
Note: With 6.2.2 Clear Sensitive Information did not remove my Cert.
Comment 13•23 years ago
cc'ing jglick
Comment 14•23 years ago
> So basically we have taken a feature away from the 6.2.2 users
We haven't taken anything away. This feature hasn't changed. This is the way
it always worked.
> With 6.2.2 Clear Sensitive Information did not remove my Cert.
Are you sure about that?
Comment 15•23 years ago
In 6.2.2 (and earlier) Clear Sensitive Information would clear out all email
saved passwords from the password manager even if they were only saved as
obscure. It did not remove the Certificate. When the user exited the app and
relaunched the app, they would then be asked for a password for each email
account before logging in.
Comment 16•23 years ago
The feature we're taking away is the "Clear Sensitive Information" menu item.
Comment 17•23 years ago
OK, I apologize, you are right. The change came about in bug 102709 comment 19.
Comment 18•23 years ago
Thanks for pointing me to the bug, I've added this comment to that bug.
Unfortunately renaming the menu item "Clear Sensitive Information" to "Reset
Master Password" does more than a name change. The functionality is very
different and can confuse the user who has used "Clear Sensitive Information".
An example:
1.) I am a user who saved passwords for some of my mail accounts and have used
Clear Sensitive Information to remove those saved passwords from the Password
Manager.
2.) I have now added a cert to allow me to sign and encrypt mail messages
3.) I have gone to my mail account settings and assigned that cert to a mail
account and have successfully signed and encrypted mail messages.
4.) I have some saved mail passwords and decided to Clear Sensitive Information
so I can reset the mail passwords I want to be saved (this is how I did it in
6.2.2), so I use Reset Master Password which sounds the same and is in the same
location as Clear Sensitive Information.
Result: Sending fails because the cert has been removed. I get a message
"Unable to sign message. Please check that the certificates specified in Mail &
Newsgroups Accounts Settings for this mail account are valid and trusted."
Because of the remembered behavior of 6.2.2 when using Clear Sensitive
Information I have no idea that my cert is now gone and my mail passwords are
still saved.
To Send messages, the user must now figure out they deleted their cert and
import it again AND/OR uncheck the mail accounts settings for Security even
though it still shows the cert name in the list box. They must also figure out
that they now need to go to the Password manager to remove the mail servers from
the Saved Passwords list.
For backward compatibility and to avoid user confusion: Why can't we keep "Clear
Sensitive Information" working the same way but maybe word it differently so
the user knows it only removes the saved obscure passwords and add "Reset Master
Password" for those who have encrypted their passwords stating it will remove
the saved passwords as well as the master password and certs.
Component: Password Manager → S/MIME
Product: Browser → PSM
Target Milestone: mozilla1.1alpha → ---
Version: other → 1.01
Comment 19•23 years ago
I agree it will potentially be very confusing and frustrating for users who click
"Reset Master Password" and later discover that Signing and/or Encryption in
Mail don't work. They probably won't realize "Reset Master Password" removed
their certificates and think something is broken.
Comment 20•23 years ago
See also Bug 136781. Clearing master passwords and/or deleting the certificates
currently used to configure the smime settings needs to trigger a cleansing of
the user prefs.
At this point, the only work around is to go into the prefs.js file and blank
out the configured certs and set the signing policy to false and the encryption
policy to 0. Not a very good workaround...
Looks like there needs to be tighter integration among mail, psm, and password
mgmt, particularly when secure mail is configured.
Also added the regression keyword, as we have inadvertently replaced prior
functionality with something 'else'. Ideally resetting the master password
would allow the option to wipe the slate clean, which used to be the
case with the 'Clear Sensitive Information' operation.
Bug 102709 comment 19:
>> When the passwords are obscured, you're not proposing to reset the master
>> password, but if the passwords are encrypted, you're proposing to reset the
>> master password in addition to deleting the stored passwords? The same click
>> would have vastly different effects. A delete all button should just have
>> that functionality.
>
>I'm a little confused as to whether you are describing the way you think it
>should be or that way it currently is. So let me tell you what we currently
>have and why.
>
>The setting of the encrypt/obscure toggle has no effect on the delete-all. In
>either case, all stored form-manager and password-manager information is deleted
>and the master password is reset. Due to an oversight, the resetting of the
>master password was not being done. Furthermore, the encrypt/obscure state was
>set to obscure. This bug report asked that the toggle not be changed. The
>patch maintains the original state of the toggle and also adds the resetting of
>the master password which was accidentally left out of the original
>implementation (although by design it was supposed to be there).
>
>The reason for this behavior goes back to the reason that this menu item was
>added in the first place. It was put in because marketing asked that a user
>who forgot his master password has to have some way to recover.
Nominate nsbeta1 (as this really needs to be fixed by RTM), upped priority as
well - users will hit this setting up their smime accounts.
Comment 22•23 years ago
The help text changes described in Comment #11 have been implemented. It's not
clear to me what else needs to be done to fix this bug.
Note that the Master Passwords prefs panel, the Reset Master Password dialog, and
context-sensitive help all warn that resetting the master password will result
in losing access to your certs.
Reassigning to morse but not really sure who this belongs to now.
Assignee: cotter → morse
Updated•23 years ago
Target Milestone: --- → Future
Comment 23•22 years ago
Summary:
- we removed the "clear sensitive data" feature
- we did so because we made the incorrect assumption that "reset master
password" would do the same
- but in fact, if web/mail passwords are only obscured, not encrypted, resetting
the master password will not forget the stored passwords
- we confuse the user, because when a user resets the master password, we say
that remembered other passwords will be cleared
I suggest:
- re-add the "clear sensitive data" feature
- make the "reset master password" behaviour smarter. Make it detect whether web
passwords are encrypted or obscured. If they are obscured, do not mention them in
the warning.
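The distinction Steve draws in comment 8 (encrypted entries become unrecoverable once the master password is forgotten, obscured ones do not) and the smarter warning proposed in comment 23 can be shown with a small Python model. This is an added example, not Mozilla's Password Manager code: the PasswordStore class, the storage formats, the hostnames and the master password are constructed for the illustration, and the toy HMAC-based cipher stands in for whatever encryption the product actually used.

```python
import base64
import hashlib
import hmac
import os

# Storage modes discussed in the thread.
OBSCURED = "obscured"    # reversible encoding, no key needed
ENCRYPTED = "encrypted"  # key derived from the master password


def obscure(secret: str) -> str:
    # Constructed stand-in for "obscured" storage: anyone holding the file can
    # reverse it, so no master password is involved.
    return base64.b64encode(secret.encode()).decode()


def unobscure(blob: str) -> str:
    return base64.b64decode(blob).decode()


def derive_key(master_password: str, salt: bytes) -> bytes:
    # Without the master password this key cannot be recomputed.
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, 200_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-based counter keystream, enough for the illustration.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def encrypt(secret: str, key: bytes) -> str:
    # Toy encrypt-then-MAC construction for the example; real code would use a
    # vetted AEAD such as AES-GCM.
    nonce = os.urandom(16)
    data = secret.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return base64.b64encode(nonce + ct + tag).decode()


def decrypt(blob: str, key: bytes) -> str:
    raw = base64.b64decode(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(key, nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or corrupted entry")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


class PasswordStore:
    """Hypothetical store holding a mix of obscured and encrypted entries."""

    def __init__(self) -> None:
        self.salt = os.urandom(16)
        self.entries: dict[str, tuple[str, str]] = {}  # host -> (mode, blob)

    def save(self, host: str, secret: str, mode: str, master_password: str = "") -> None:
        if mode == ENCRYPTED:
            blob = encrypt(secret, derive_key(master_password, self.salt))
        else:
            blob = obscure(secret)
        self.entries[host] = (mode, blob)

    def reveal(self, host: str, master_password: str = "") -> str:
        mode, blob = self.entries[host]
        if mode == ENCRYPTED:
            return decrypt(blob, derive_key(master_password, self.salt))
        return unobscure(blob)

    def has_encrypted(self) -> bool:
        return any(mode == ENCRYPTED for mode, _ in self.entries.values())

    def reset_warning(self) -> str:
        # Comment 23's suggestion: only warn about losing saved passwords when
        # encrypted entries actually exist.
        if self.has_encrypted():
            return ("If you reset your master password, you will permanently erase "
                    "all the encrypted passwords saved on your behalf.")
        return "Resetting your master password will not remove any saved passwords."

    def reset_master_password(self) -> list[str]:
        # Comment 8's reasoning: the old master password is gone, so the key can
        # never be derived again and encrypted blobs are unrecoverable. They are
        # dropped; obscured entries need no key and are kept. The salt is
        # replaced so a new master password starts from a clean key.
        removed = sorted(h for h, (m, _) in self.entries.items() if m == ENCRYPTED)
        for host in removed:
            del self.entries[host]
        self.salt = os.urandom(16)
        return removed


def demo() -> dict:
    # Constructed sample data; hostnames and secrets are placeholders.
    store = PasswordStore()
    store.save("mail.example.test", "mail-secret", OBSCURED)
    store.save("web.example.test", "web-secret", ENCRYPTED, "old-master")
    warning_before = store.reset_warning()
    removed = store.reset_master_password()
    return {
        "warning_before": warning_before,
        "removed": removed,
        "remaining": sorted(store.entries),
        "mail_still_readable": store.reveal("mail.example.test"),
        "warning_after": store.reset_warning(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Running demo() shows the behaviour esther reported: after the reset the obscured mail password is still readable without any master password, while the encrypted web entry is gone, and the warning text changes depending on whether encrypted entries were present at all.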
Updated•22 years ago
Priority: P1 → --
Comment 24•22 years ago
It seems to me that all the functionality is there, but more cumbersome. If you
want to do what the old "clear sensitive information did", you need to go to the
password manager dialog and do "remove all", then to the form manager dialog and
"remove all".
The issue now is to make those removals easier than having to go to the two
dialogs. Perhaps a single menu item called "clear sensitive data". Perhaps a
top-level item on the pref panel for form-manager and password-manager just like
"reset master password" is now a top-level pref-panel item for master password.
So it's a UE issue as to which we do. Reassigning.
Assignee: morse → marlon
Comment 25•19 years ago
Was able to reproduce this bug.
Mac OS X 10.4.1
Updated•19 years ago
Whiteboard: [kerh-ehz]
Updated•18 years ago
QA Contact: tpreston → ui
Comment 26•17 years ago
This will be fixed when TB/SM switches to the new login manager.
Depends on: 239131
Comment 27•16 years ago
Bug 239131 has been marked fixed. Comment 26 predicted this bug would be fixed, too. Is it fixed?
Comment 28•16 years ago
On the other hand, I think the "reset master password" user interface feature got removed from Thunderbird (and from Firefox). I don't understand why that happened...
Anyway, this means, in order to test this bug one would have to use SeaMonkey...
I remember someone mentioning a workaround for Firefox, which is to enter the chrome:// url for the reset-password dialog in a browser window. Given the lack of browser windows in Thunderbird, this workaround won't work there...
Comment 29•14 years ago
I think:
* this bug should be assigned to "password management"
* the password should reintroduce the option to reset the master password
* if executed, all stored passwords should be deleted
(as they can't be decrypted anyway)
However, I'm not sure if "password management" is a core platform feature, or a Firefox feature these days?
Please advise.
Assignee: kaie → nobody
Summary: Reset Master Password doesn't clear the saved passwords for mail → Reset Master Password doesn't clear the saved passwords (for mail, web, etc.)
Comment 30•14 years ago
This was fixed by bug 398886.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
Product: Core → Core Graveyard