Closed
Bug 228179
Opened 21 years ago
Closed 21 years ago
Passwords are kept in base 64 and with 664 permissions
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 227100
People
(Reporter: psilva, Assigned: bryner)
Details
(Whiteboard: [sg:dupe 227100])
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015 Firebird/0.7
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015 Firebird/0.7
When a user chooses to store a password with user password management, Firebird
(and also Mozilla) stores the password in a file, inside the profile directory
.phoenix, ending with an s like: 65656656.s.
This file has two problems: one is that it is created with 664 permissions
instead of 600; the other is that passwords are stored in base64 instead of being
encrypted, like Mozilla at least allows (although it isn't the default behaviour).
For users in the same unix group it is very easy to steal passwords like homebanking
apps and others.
This should be fixed! Passwords should be well encrypted and the file shouldn't
be readable :-(
In a multiuser environment this is a serious bug!
Mozilla suffers the same problem.
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
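An added example, not part of the original report or of Mozilla's code: a Python check for the permission problem described above. It reports files ending in `.s` under a profile directory that group or other users can access, optionally tightens them to 600, and shows creating such a file as 600 from the start. The function names and the sample directory contents are assumptions constructed for illustration.

```python
import os
import stat
import tempfile


def audit_password_files(profile_dir, fix=False):
    """Return [(path, octal mode)] for *.s files that group or others can access."""
    findings = []
    for root, _dirs, files in os.walk(profile_dir):
        for name in files:
            if not name.endswith(".s"):
                continue
            path = os.path.join(root, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, format(mode, "03o")))
                if fix:
                    os.chmod(path, 0o600)  # owner read/write only
    return findings


def create_private(path, data):
    """Create a new file as 0600 from the first moment it exists."""
    # O_EXCL refuses to reuse an existing file that may have looser permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), 0o600)  # exact mode even under an unusual umask
        fh.write(data)


def demo():
    """Build a constructed profile directory, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as profile:
        weak = os.path.join(profile, "65656656.s")
        with open(weak, "wb") as fh:
            fh.write(b"constructed sample, not real data\n")
        os.chmod(weak, 0o664)  # the mode described in the report
        create_private(os.path.join(profile, "private.s"), b"constructed\n")
        before = audit_password_files(profile, fix=True)
        after = audit_password_files(profile)
        return [(os.path.basename(p), m) for p, m in before], after


if __name__ == "__main__":
    print(demo())
```

Tightening the mode addresses only the first of the two problems in the report; the stored contents remain base64-encoded rather than encrypted.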
Comment 1•21 years ago
For Pete's sake, this does not warrant being a security group (eg secret) bug.
You have to have user or root access to view these files anyway. If your unix
environment is set up to allow user A to view the files in user B's home
directory you've got problems unrelated to Firebird already.
I'm duping this against a slightly earlier bug which has already had its
security group flag removed.
*** This bug has been marked as a duplicate of 227100 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Updated•21 years ago
Group: security
Whiteboard: [sg:dupe 227100]
Updated•17 years ago
Product: Firefox → Toolkit