Closed Bug 295963 Opened 20 years ago Closed 17 years ago

Login via PinPad reader: The User has to enter the PIN two times

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED INCOMPLETE

People

(Reporter: safajoo, Assigned: dveditz)

Details

(Whiteboard: CLOSEME 08/21)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Using Firefox to login to smartcard via pkcs#11 interface and a PINpad reader. Firefox shows its dialog to enter the pin. After this is done Firefox calls the C_Login function with NULL as PIN to enter the PIN via PinPad. than the dialog of PINpad reader appears to enter the pin via pin pad. If the you enter nothing in the first dialog and press enter, firefox call C_Login with NULL too. At heart the first dialog showned by Firefox has not to be showned in this case. Reproducible: Always Steps to Reproduce: 1.use a PINPad reader and smartcard and a p11 library 2.go to Tools->opotions->Mange security devices... 3.load the p11 library 4.click the smartcard loaded 5.press login 6.Firefox Pindialog appears 7.press ok. (NO ENTRY) 8.PINpad reader pindialog appears tip the pin via pinpad reader Actual Results: The login is successful Expected Results: The standard Firefox pin dialog isn't necessary if the user is using a pinpad reader and the pkcs#11 function C_Login with NULL is called.
I can confirm this bug as really present somewhere in the security layer. Mozilla correctly recognizes the CKF_PROTECTED_AUTHENTICATION_PATH flag of CK_TOKEN_INFO::flags in PKCS#11 module but shows the window anyway. The entered PIN is not validated. Inserting the PIN twice is quite confusing for the user and it is corrupting the security services of the module/mozilla.
Can anyone reproduce this bug with the latest Firefox 2 or 3 build? Thanks!
Whiteboard: CLOSEME 08/07
-> Core::Security for better triage before we close it?
Assignee: nobody → dveditz
Product: Firefox → Core
QA Contact: firefox → toolkit
Whiteboard: CLOSEME 08/07 → CLOSEME 08/21
Closing as incomplete, no response since more then 6 months. Reporter, if you can still reproduce this bug with a latest Firefox Trunk Build or Firefox Beta 5, please comment and reopen.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.