Asked multiple times for password
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: funni.clonk, Unassigned)
Details
Attachments
(2 files)
Screenshot
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Actual results:
When starting Thunderbird i'll be asked multiple times for the password, at least 2 times. I had a workarround for that, an Add-On which managed that for me. But this seems not more maintenanced.
It is caused while another Add-On wants access on the passwords storage to connect via DAV until I've not entered the first password dialog (E-Mail request)
Expected results:
I should be asked just one time for the Masterpassword, maybe before TB starts or before starting loading it's Add-Ons.
|
||
Comment 1•6 years ago
|
||
OK, another chapter in the never ending story of multiple master passwords. The last chapter had to do with a chat password, see bug 1512083.
So now you're saying that some DAV add-on is causing this?
|
Reporter | |
Comment 2•6 years ago
|
||
(In reply to Jorg K (GMT+2) from comment #1)
So now you're saying that some DAV add-on is causing this?
Yeah, it's CardBook (https://addons.thunderbird.net/addon/cardbook/). I used "Startup Master" before, which doesn't let TB load fully until the password is entered or the dialog is aborted (https://addons.thunderbird.net/de/thunderbird/addon/startupmaster). Maybe it could be adapted that Addons are being loaded after the master password dialog (aborted or successful unlocked)
|
|
||
Comment 3•6 years ago
|
||
Magnus, you were involved in the "double master password" issue. Do you see a way forward here (other than removing the master password functionality altogether)?
Reporter, have you contacted the author of CardBook? Maybe he can make some adjustments. Also, there is
https://addons.thunderbird.net/de/thunderbird/addon/master-password/
which is equally not updated for TB 68. We know the author from bugs he reported here on Bugzilla, so maybe we will update his add-on if you ask.
In general, since bug 1176399 was fixed, there aren't so many "double master password" issues left, so that's why those add-ons aren't needed any more by most users.
|
|
Reporter | |
Comment 4•6 years ago
|
||
Also this addon is only compartible with <=TB 62.*.
I don't know if it will be updated, u guess no, because WebExtension is forced in TB 68. The problem on FF57+ is described here: http://htamas.ces.hu/startupmaster/webext.html
In short the API is more restricted so that such operations cannot be executed. I think there is the same problem on TB now, because it seems as both addons stopped maintenance. Maybe you can clearify that.
I did a screenshot and have additional information:
Yesterday right after updating i was forced to enter the password twice, (the 2. dialog appeared after at least 1 second). Today I can start TB. When I don't enter the Masterpassword in a few (5-10) seconds the 2. dialog appears. So the same problem but I have more time for whatever reason. The screenshot shows that the first dislog is in the TB-instance, the second one has it's own window.
|
|
||
Comment 5•6 years ago
|
||
TB 68 still supports "legacy" XUL add-ons and restartless add-ons. There is no reason why those add-on authors couldn't update their add-ons.
|
|
Reporter | |
Comment 6•6 years ago
|
||
Okay, so I was wrong :)
https://www.heise.de/newsticker/meldung/Thunderbird-68-E-Mail-Client-bekommt-grosses-Update-4509097.html
BTW: the bug you mentioned refers only to Google Oauth. I saw now that the original bug 177175 is open since 17 years :(
bug 1359182 is to gives addons access to master passwords, open since 2 years
|
||
Comment 7•6 years ago
|
||
Nothing to add. The easy workaround is to disable MP. Other then that, the bug is likely in the MP implementation.
|
||
Comment 8•5 years ago
|
||
I also have to enter the master password multiple times when I start Thunderbird after the system login - I do have multiple IMAP accounts and I suspect that it has something to do with the initial connection to these accounts.. Sadly, the addons startup master and Master Password+ do not work any more - will there be any fix for this problem?
|
|
||
Comment 9•5 years ago
|
||
We've added a preference security.prompt_for_master_password_on_startup which basically does what startup master did. But no luck so far if you're on Mac (bug 1612456).
|
|
Reporter | |
Comment 10•5 years ago
•
|
||
(In reply to Magnus Melin [:mkmelin] from comment #9)
We've added a preference security.prompt_for_master_password_on_startup
Is there any further documentation about that? The preference has no effect on the startup behaviour: The main window starts and two prompts open. One of them is from the CardBookDAV-addon.
|
|
Reporter | |
Comment 11•5 years ago
|
||
My question is in the cite above.
|
|
||
Comment 12•5 years ago
|
||
What it does is, IF you have a master password, very early in the startup phase you'll have to enter the master password. Which will avoid getting multiple requests later.
|
|
Reporter | |
Comment 13•5 years ago
|
||
Hmmm okay I see no difference in the behaviour. I still get two prompts. Is there something what I've could did wrong?
|
||
Comment 14•4 years ago
|
||
(In reply to funni.clonk from comment #13)
Hmmm okay I see no difference in the behaviour. I still get two prompts. Is there something what I've could did wrong?
Are you still seeing this when using version 78?
With which setting?
|
|
Reporter | |
Comment 15•4 years ago
|
||
Oh excuse me, I didn't recognized activity here. There is at every point only one prompt. I tested letting the prompt opened for a minute and it still was one. On the other side it appears again and again, even if i click on cancel but that is another issue :)
|
|
||
Comment 16•4 years ago
|
||
Thanks for the update
Description
•