Open
Bug 302238
Opened 20 years ago
Updated 2 years ago
When incorrect master password is entered, password manager should say so in master password dialog
Categories
(Core :: Security: PSM, defect, P3)
NEW
People
(Reporter: rishi.maharaj, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: polish, Whiteboard: [psm-backlog])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050726 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050726 Firefox/1.0+
When an incorrect master password is entered, the master password dialog just
pops up again, without giving feedback that the previously entered password was
incorrect. It should say something like:
+-------------------------------------------------------------------+
|Incorrect master password.                                         |
|                                                                   |
|Please enter the master password for the Software Security Device. |
|         _________________________________________________         |
|        |_________________________________________________|        |
+-------------------------------------------------------------------+
Reproducible: Always
Steps to Reproduce:
1. Go to a form where Firefox has remembered the password.
2. On the master password prompt, enter an incorrect password.
3.
Actual Results:
Master password dialog pops up again without feedback.
Expected Results:
Password manager should give feedback re. incorrect password.
Comment 1•20 years ago
For what it's worth, we (and IE?) do the same thing when a website prompts
you to enter a password.
Comment 3•20 years ago
I can also reproduce this bug. I noticed the same issue if I try to view saved passwords and hit the 'Cancel' button instead of actually entering a password. The dialog reappears and you can hit cancel a few more times before it opens the password manager with no content. 'Cancel' should revert back to the previous screen without prompting again for the master password.
Updated•19 years ago
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•18 years ago
This prompt is in NSS.
The fact that the dialog box stays technically lets you know that the entered password is invalid, so I think adding a note saying so could be a usability win without creating a security risk.
Assignee: nobody → nobody
Component: Password Manager → Libraries
Product: Firefox → NSS
QA Contact: password.manager → libraries
Comment 5•18 years ago
This is a request for a UI change. NSS does not do UI. No UI whatsoever.
Assignee: nobody → kengert
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Updated•15 years ago
Assignee: kaie → nobody
Blocks: masterpassword
Comment 7•11 years ago
Hi, I would like to work on this bug. Would anyone be able to help me figure out what needs to be done to do this?
Updated•9 years ago
Whiteboard: [psm-backlog]
Comment 8•8 years ago
Firefox version 51.
Similarly, Firefox will open with multiple tabs. If I happen to click on a tab which needs a username and password previously saved by the "Master Password" function, the "Master Password" request window will pop up. Unfortunately, cancelling it only produces another pop-up window, thus preventing me from doing anything with Firefox until the master password is entered. So in order to close Firefox I have to either enter the master password and then proceed to exit or use the Task Manager to close Firefox.
I believe that a good browser would allow a person to cancel the request for a particular web page and not request the master password again until it's needed for a different URL or until you either click on a different tab and then return to the original tab or navigate away from the original URL and then return to it.
Repeatable: Yes
Behavior: "Master Password" request pop-up prevents use of Firefox until you correctly enter the master password.
Expected behavior: If I cancel the request, no more pop-ups should appear while URL session is open.
Comment 9•8 years ago
(In reply to Scott Pierskalla from comment #8)
> Expected behavior: If I cancel the request, no more pop-ups should appear while URL session is open.
Scott, what you are describing might be bug 177175 I think.
Updated•8 years ago
Priority: -- → P3
Comment 10•6 years ago
This issue is particularly frustrating because when I mistype my master password, the prompt normally reappears on a different monitor. So I don't notice that the password was incorrect.
Updated•3 years ago
Severity: trivial → S4
Comment 11•3 years ago
The severity field for this bug is relatively low, S4. However, the bug has 11 votes.
:keeler, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(dkeeler)
Comment 12•3 years ago
The last needinfo from me was triggered in error by recent activity on the bug. I'm clearing the needinfo since this is a very old bug and I don't know if it's still relevant.
Flags: needinfo?(dkeeler)