Closed Bug 1681262 Opened 4 years ago Closed 4 years ago

encrypted emails are automatically decrypted without a password provided

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1566458

People

(Reporter: arche1, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) QtWebEngine/5.15.2 Chrome/83.0.4103.122 Safari/537.36

Steps to reproduce:

I updated to v78.4.3 and imported my Enigmail setup from the previous installation with the provided wizard.

Actual results:

When I open Thunderbird and acess an encrypted email, it is automatically decrypted without me having to provide my password for the PGP Key.

Expected results:

Thunderbird should ask me for my PGP Key Password to ensure it is me accessing the encrypted content
If there is any setting to change whether you want to be asked for your password or not it needs to be the default to give your password and optionally let you opt-in in a setting where you don't have to provide it anymore it needs to be marked with big red letters that this option will greatly compromise the concept of PGP.

Component: Security → Security: OpenPGP
Product: Thunderbird → MailNews Core

You can use the master password to be asked a password. But if you want real security, use disc encryption.

Group: mail-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.