Closed Bug 157819 Opened 23 years ago Closed 23 years ago

passwords could be stolen by stealing whole profile

Categories

(Core Graveyard :: Profile: Migration, enhancement)

Product:
Core Graveyard
Component:
Profile: Migration
Platform:
x86
Windows XP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: bugzilla, Assigned: racham)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1a) Gecko/20020611 BuildID: 2002061104 I copied my profile to another computer and was able to access all my stored passwords without any confirmation that I am the legal user. Reproducible: Always Steps to Reproduce: 1. migrate your profile 2. call up pages on which you used the password-manager Actual Results: The password-manager filled out the forms. I was not asked wether I am the legal user of this profile or not. Expected Results: Mozilla should ensure that I am the legal user of this profile. It should not be possible to go to someone's computer and steal all his private data by copying his profile and migrating it to another computer. This might be done by a general password for a profile or by locking a profile to certain computer-hardware or software-installation.
This is done by setting a Master Password. Reporter: if this fixes your problem, please resolve this bug as WFM.
You must encrypt your passwords. (edit\preferences\Privacy&Security\Passwords) -> invalid
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → INVALID
Verified invalid
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.