Closed
Bug 280285
Opened 20 years ago
Closed 20 years ago
Cookies containing personally identifyable information should be linked w/ PSM
Categories
(SeaMonkey :: Passwords & Permissions, enhancement)
Tracking
(Not tracked)
People
(Reporter: dluchini30, Assigned: dveditz)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111
Cookies that contain personally identifyable information such as a username and
password combination for autologin to a website should require you to, if you
have set Mozilla up to do so, ask for a password from PSM before they can be
accessed and their information submitted. Without such functionality it is
always possible for somebody to read cookie information and find out your
usernames/passwords which Password Manager would be keeping encrypted but Cookie
Manager would not.
Reproducible: Always
Steps to Reproduce:
1. Have a website set up a cookie containing a username/password combination or
other user-sensitive data.
2. Restart Mozilla so that you will be asked for a PSM password when applicable.
3. Go to the website you set your autologin cookie with.
Actual Results:
Website will autologin without Mozilla asking for a PSM password.
Expected Results:
Cookie Manager should ask for a PSM password if one is set.
Requires a PSM password to be set for this to work.
Comment 1•20 years ago
|
||
*** This bug has been marked as a duplicate of 56788 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•