Closed Bug 1619464 Opened 6 years ago Closed 6 years ago

Search Lockwise by password

Categories

(Firefox :: about:logins, defect)

Product:
Firefox
Component:
about:logins
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1634906

People

(Reporter: mero11.gh, Unassigned)

References

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

I'm using Firefox 73.0.1 on Ubuntu. When I open the builtin password manager (Lockwise) I can search for the account I'm looking for by searching for the username, website or the associated email. However I noticed I can also find my accounts by searching for their passwords.
For instance, if I have an account on example.com with the username: Cool and password: beans123 ; I can find the account by searching "beans123" or even a few initial characters. So I can "find" a password without ever revealing it.

Flags: sec-bounty?
Component: Security → Password Manager
Product: Firefox → Toolkit

This is a feature, not a bug. If you don't want this behaviour you can set a master password (bug 1592050).

Status: UNCONFIRMED → RESOLVED
Type: task → defect
Closed: 6 years ago
Component: Password Manager → about:logins
Depends on: 1567423
Product: Toolkit → Firefox
Resolution: --- → WONTFIX
Blocks: 1567423
No longer depends on: 1567423
Group: firefox-core-security
Flags: sec-bounty? → sec-bounty-
See Also: → 1765473

Might be more useful to collect these as dupes.

Resolution: WONTFIX → DUPLICATE
You need to log in before you can comment on or make changes to this bug.