Closed Bug 1446947 Opened 6 years ago Closed 6 years ago

Weak Password Protection

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 973759

People

(Reporter: info, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180310025718

Steps to reproduce:

I'm filing this as a bug because it will potentially make using Thunderbird not viable for me.

Please read this article https://mybroadband.co.za/news/security/252799-master-password-in-firefox-is-weak.html

In the modern day it's critical that you can properly protect one's email login credentials. If attackers gain access to your email credentials they can use that to reset your passwords for banking and other websites. Using weak protection is putting us all at risk, especially when its not very difficult to change from a technical point of view as the relevant libraries exist etc. 


Actual results:

Luckily no attack has happened yet, but that does not mean this issue should be ignored.


Expected results:

Up to date password protection methods such as bcrypt, scryot, Argon2 should be used together with strong encryption such as AES256.
Thunderbird is using Mozilla core technology, so if that's "weak" you should file the bug there. Or perhaps there's already a similar bug for Firefox.
bug 973759 where s/he has already commented?
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.