Open Bug 1574635 Opened 6 years ago Updated 3 years ago

Better handle usernames/passwords that cannot be decrypted due to changed keys or leftover base64 values

Categories

(Toolkit :: Password Manager, defect, P3)

Product:
Toolkit
Component:
Password Manager
Type:
defect

Tracking

()

People

(Reporter: MattN, Unassigned)

References

Details

(Whiteboard: [passwords:tech-debt])

See bug 1571555 and bug 1571183 where users saw no logins on about:logins due to bad login data. Even if we workaround these in APIs that fetch all logins, it still causes problems for countLogins() which doesn't actually try to decrypt values and therefore can lead to about:protections showing one count of logins while about:logins shows a smaller value.

I think there are two main cases to handle:

  • Leftover ENCTYPE_BASE64 values that couldn't be migrated to ENCTYPE_SDR
    ** For these we could filter out or delete (after taking a backup) logins with an encType we don't support. ENCTYPE_BASE64 migration code was removed a long time ago.
  • Other values which cannot be decrypted e.g. if key4.db was deleted or someone else wrote garbage username/password values in the file.
    ** We can probably just delete these (after making a backup) assuming the encType is ENCTYPE_SDR/ENCTYPE_BASE64 and not an unknown future value.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.