Open
Bug 186834
Opened 22 years ago
Updated 3 years ago
Removing POP account does not forget password
Categories
(SeaMonkey :: MailNews: Account Configuration, defect)
SeaMonkey
MailNews: Account Configuration
Tracking
(Not tracked)
NEW
People
(Reporter: bugzilla.account, Unassigned)
Details
(Keywords: privacy, sec-other, Whiteboard: [sg:nse] security flaw)
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021226 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.3b) Gecko/20021226 After POP account removal, the remembered POP password remains saved in Password Manager. Reproducible: Always Steps to Reproduce: 1. Create an mail account 2. First time asked for password, check "[ ] Use Password Manager to rememer ..." 3. Remove the account 4. Create new account with same properties 5. Check for new mail Actual Results: No password dialog pops up, the old password will be used. Expected Results: Password dialog pops up, asking for password. Alternative: (On step 3) after clicking "Remove account" a dialog pops up to confirm removal. If there are some stored passwords related to this account, there appears also a check box "[x] Remove stored password(s) as well" (checked by default).
Comment 1•22 years ago
|
||
>Password Manager. I suggest marking this wontfix. The password can be manually
deleted, and also protected by the Master Password.
Product: MailNews → Browser
QA Contact: junruh → bsharma
Comment 2•22 years ago
|
||
Password Manager
Assignee: mstoltz → morse
Component: Security: General → Password Manager
QA Contact: bsharma → tpreston
==> NEW. It's a really MS- and IE-sounding idea to keep passwords somewhere even after they're supposed to be gone. Password is an essential property of account, and should be destroyed along with it. Users may just forget that they're stored somewhere else, after all. Increasing severity.
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: security flaw
Reassigning to new module owner
Assignee: morse → dveditz
Comment 5•20 years ago
|
||
This needs to be over in mail... Password Manager itself has no clue when mail accounts go away unless Mail tells us. Probably true for Thunderbird as well, but thats just guessing.
Assignee: dveditz → mscott
Component: Password Manager → Account Manager
Product: Browser → MailNews
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•16 years ago
|
Assignee: mscott → mail
QA Contact: tpreston
You need to log in
before you can comment on or make changes to this bug.
Description
•