Closed
Bug 234919
Opened 22 years ago
Closed 16 years ago
e.mail client after using master password selecting menu->tools->password manager->log out does not work
Categories
(MailNews Core :: Security, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: painterengr, Unassigned)
Details
User-Agent:
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.6) Gecko/20040113
with e.mail client open and after using master passwword selecting
menu->tools->password manager->log out does not work. one can attempt to get
e.mail but the master password dialog does not come up and e.mail is fetched.
i am using master password enabled, encrypted, and have numerous web site user
names and passwords. i also have a password for the pop e.mail account.
Reproducible: Always
Steps to Reproduce:
1. start mozilla e.mail client
2. select get msgs button
3. master password dialog pops up- enter password
4. e.mail is obtained
5. select menu->tools->password manager->log out
6. dialog box appears indicating you are now logged out
7. select get msgs button
8. mail is gotten without prompting for the master password
Actual Results:
mail is gotten without prompting for the master password.
Expected Results:
the master password dialog should pop up and prompt for the master password.
this same basic sequence WORKS for the browser's username-password management.
|
||
Updated•21 years ago
|
Product: Browser → Seamonkey
(In reply to comment #1)
> not security sensitive
Huh? If password protection is not security sensitive; what is? The person who
filed this bug is correct: the "log out" function of the password manager does
not work. Unfortunately, the wording he used was a little vague, so I'm not
sure how obvious the implications of this bug will be to those who haven't
incidently discovered it already.
From the Mozilla help file:
"Logging Out of Your Master Password"
"You can log out of your master password so that it must be entered again before
any sensitive information can be stored or retrieved."
That is false. If one selects "Tools->Password Manager->Log Out" from the menu,
the password data is not protected. One must fully shut down the browser session.
|
||
Comment 3•20 years ago
|
||
We use "security sensitive" to temporarily hide flaws that could be used by "the
bad guys" against you. To use this flaw they have access to your machine
already, if this is a serious worry you need OS-level password protection when
you leave your computer unattended.
Not a password manager bug, the password manager is logged out. The problem is
that mail code is caching passwords. We should have other bugs on this, but I
can't find it.
Assignee: dveditz → nobody
Component: Password Manager → MailNews: Security
Product: Mozilla Application Suite → Core
Whiteboard: DUPEME
|
||
Comment 4•20 years ago
|
||
This is an automated message, with ID "auto-resolve01".
This bug has had no comments for a long time. Statistically, we have found that
bug reports that have not been confirmed by a second user after three months are
highly unlikely to be the source of a fix to the code.
While your input is very important to us, our resources are limited and so we
are asking for your help in focussing our efforts. If you can still reproduce
this problem in the latest version of the product (see below for how to obtain a
copy) or, for feature requests, if it's not present in the latest version and
you still believe we should implement it, please visit the URL of this bug
(given at the top of this mail) and add a comment to that effect, giving more
reproduction information if you have it.
If it is not a problem any longer, you need take no action. If this bug is not
changed in any way in the next two weeks, it will be automatically resolved.
Thank you for your help in this matter.
The latest beta releases can be obtained from:
Firefox: http://www.mozilla.org/projects/firefox/
Thunderbird: http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html
Seamonkey: http://www.mozilla.org/projects/seamonkey/
|
|
||
Comment 5•20 years ago
|
||
This bug has been automatically resolved after a period of inactivity (see above
comment). If anyone thinks this is incorrect, they should feel free to reopen it.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → EXPIRED
|
Reporter | |
Comment 6•20 years ago
|
||
this is still broken on 1.7.12
Status: RESOLVED → UNCONFIRMED
Resolution: EXPIRED → ---
|
||
Updated•17 years ago
|
QA Contact: security
|
Assignee | |
Updated•17 years ago
|
Product: Core → MailNews Core
|
|
||
Comment 7•17 years ago
|
||
Reporter, Can you confirm whether this problem is gone, or still exists on a current version of thunderbird?
We are working to help old bugs move along, so your comment will be helpful.
Whiteboard: DUPEME → revisit 2008-12-18
|
||
Comment 8•17 years ago
|
||
SeaMonkey only issue - Thunderbird (and Firefox) do not have a log out option.
Product: MailNews Core → SeaMonkey
QA Contact: security → seamonkey
Whiteboard: revisit 2008-12-18
that's incorrect. it's just much better hidden than it used to be.
tools>options>advanced>encryption>security devices
nss internal pkcs #11 module
. software security device
the log out button is available there.
in order to use it, you need to "change password" (test/test will suffice),
then log in, then have fun, and then click log out.
Product: SeaMonkey → MailNews Core
QA Contact: seamonkey → security
Summary: e.mail client after using master passwword selecting menu->tools->password manager->log out does not work → e.mail client after using master password selecting menu->tools->password manager->log out does not work
|
||
Comment 10•16 years ago
|
||
Closing Incomplete for lack of answers.
Feel free to reopen if you can provide more information.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago → 16 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•