Closed Bug 1883477 Opened 1 year ago Closed 1 year ago

Master Password should protect / prevent access to mail when starting thunderbird

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1566458

People

(Reporter: 4tech, Unassigned)

Details

When you start Thunderbird 115.3.1 or 115.8.4 instead of entering a master password you can press "cancel" repeatedly and not only the "Password Required" dialog goes away but the entire GUI is loaded and you gain full access to the emails already present in your mailbox(es). Totally NOT secure.
Tested on Windows 10 and Windows 11.
Name Thunderbird
Version 115.8.0
Build ID 20240216174500
User Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:115.0) Gecko/20100101 Thunderbird/115.8.0
OS Windows_NT 10.0 19045

See below older bug 318697 closed but NOT resolved.

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051111 Firefox/1.5

When starting thunderbird my password for retrieving new mail is asked. When I push the 'cancel'-button I (and everyone else) can acces and read my already downloaded e-mails. The program should NOT start up if this password is incorrect !!

Reproducible: Always

Actual Results:
When cancelling the program starts up and I (and everyone else) can acces already downloaded e-mails.

Expected Results:
Program should not start up.

It's only designed to protect access to passwords, not local cache.

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1566458
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.