[macOS] The operating system’s authentication dialog can't be accepted if the OS doesn't have any password set
Categories
(Firefox :: about:logins, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox74 | --- | unaffected |
| firefox75 | --- | unaffected |
| firefox76 | --- | verified |
People
(Reporter: cmuntean, Assigned: spohl)
References
Details
Attachments
(3 files, 1 obsolete file)
OS auth dialog.png
[Affected versions]:
- Firefox Nightly 76.0a1 (Build ID: 20200319215651)
[Affected Platforms]:
- Mac 10.15.3
- Mac 10.14.6
[Prerequisites]:
- Have a profile with at least one saved login.
- No OS password is set.
[Steps to reproduce]:
- Open the latest Nightly Firefox browser.
- Navigate to the "about:logins" page and select a saved password.
- Click on the "Show Password" or "Copy" or "Edit" button from the login item.
- Observe the behavior.
[Expected result]:
- The password is shown or copied or the edit more is opened without entering any password.
[Actual result]:
- The operating system’s authentication dialog is displayed even if no OS password is set.
[Notes]:
- The issue is also reproducible if trying to check the "Use a master password" option from "about:preferences#privacy" page.
- The OS auth is triggered and the "OK" button is clicked two times, the dialog is dismissed. However, this doesn't happen if an OS password is set. This behavior can be observed in the screen recording added bellow.
- No errors are displayed in the browser console.
- This issue is no longer reproducible on Windows.
- Attached a screen recording with the issue: link.
|
||
Comment 1•4 years ago
|
||
I don't necessarily think it's a bug that the dialog appears, the problem is that the user can't accept the dialog with an empty password.
|
|
||
Comment 2•4 years ago
•
|
||
I had to follow instructions at https://www.reddit.com/r/MacOS/comments/8z2wo8/can_i_set_a_password_less_than_4_characters/e6l7331 to allow an empty password
|
||
Comment 4•4 years ago
|
||
|
|
||
Comment 5•4 years ago
|
||
Hi Cosmin, can you test with this build and see if you are still able to reproduce the issue?
https://treeherder.mozilla.org/#/jobs?repo=try&revision=3c7a27a798e7fc776b3474c984f99db83114a2ea
|
Reporter | |
Comment 6•4 years ago
|
||
Hi Jared! I just tested this issue on macOS 10.14.6 with the provided build but the issue is still reproducible. I have encountered the same behavior described in comment 0. Please let me know if you need any other information.
|
|
||
Comment 7•4 years ago
|
||
I tried doing the steps in the video of comment #0 but it says that a password is required. How were you able to create an account on 10.15.3 without a password?
|
|
Reporter | |
Comment 8•4 years ago
|
||
In order to remove the macOS password I have opened the "System Preferences" menu -> "Users & Groups" option and select the OS account. In the right part of the menu, there is a "Change Password..." button. Click the button, enter the old password and leave the "New password" and "Verify" fields empty and click the "Change Password" button. Now the account doesn't have a password and when I log in to this account, no password is required. However, on "about:logins" page the OS auth dialog is displayed and requires the OS password.
I have added in the "Notes" section at the last dot a link with a screen recording and contain also steps on how I have removed the OS password.
|
|
||
Comment 9•4 years ago
|
||
Thank you, yes I followed the steps in your video and it is not allowed on my machine, though I now think it may be because I have FileVault enabled.
|
|
Reporter | |
Comment 10•4 years ago
|
||
I just looked at how Chrome handles this. On Chrome, if the OS account has an empty password, when I click the "Show password" button, the OS auth dialog is triggered and If I let the password field empty and click the "OK" button, the password is shown. On Firefox (latest Nightly build) if I let the password field empty and click the "OK" button the password is not shown and the OS auth dialog repapers.
|
|
||
Comment 11•4 years ago
|
||
Can you test with this build and let me know what text appears in the alert dialog that shows up?
https://treeherder.mozilla.org/#/jobs?repo=try&revision=213bcf4d96d0fcc757171bdd36171028e631daaa
|
|
Reporter | |
Comment 12•4 years ago
|
||
Here is a screenshot with the OS auth dialog that is triggered when trying to reveal the password made on the latest build provided. However, the issue is still reproducible on this build.
|
|
||
Comment 13•4 years ago
|
||
After you hit "OK" from that dialog is there another dialog that pops up? I added a second dialog that would show what error was returned.
|
|
Reporter | |
Comment 14•4 years ago
|
||
The same dialog pops up, it's identical with the first one. If I click "OK" on the second dialog, it's dismissed and no other dialog pops up.
|
Assignee | |
Comment 15•4 years ago
|
||
|
|
||
Comment 17•4 years ago
•
|
||
Steps to allow/set an empty password (macOS 10.15.3):
- Log into the account you want to change to an empty password (they may need to be an admin?)
- Download this attachment as accountpolicies.xml
- Run the following in terminal when you're in the directory of the download
pwpolicy setaccountpolicies accountpolicies.xml
- Run
passwdin the terminal and enter your old password aand hit enter. Hit enter twice to confirm a blank new password.
|
||
Comment 18•4 years ago
|
||
Pushed by spohl@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/bf611fbecbff Allow for OS authentication to succeed when no passcode is set. r=mstange
|
||
Comment 19•4 years ago
|
||
| bugherder | ||
|
|
Reporter | |
Comment 20•4 years ago
|
||
I have retested this issue using the latest Nightly 76.0a1 build (Build ID: 20200331093527) and I have encountered the following behavior:
- The operating system’s authentication dialog accepts the empty password only at the second attempt. To be more specific: when trying to view a password, the auth dialog is displayed and if the "OK" button is pressed without entering any password, the auth dialog disappears and reappears. If the "OK" button is clicked again, the auth dialog is dismissed and the password is correctly shown.
- I have tested this issue on macOS 10.15.3, macOS 10.14.6 and macOS 10.13.6.
- I have also verified on Windows 10 x64 and Ubuntu 18.04 x64 if there are no regressions.
Considering the fact that the operating system’s authentication dialog accepts the empty password (even if only at the second attempt) I'm marking this issue as VERIFIED-FIXED. For the behavior mentioned above, I have logged a separate issue in Bug 1626247.
Description
•