Open
Bug 302238
Opened 19 years ago
Updated 1 year ago
When incorrect master password is entered, password manager should say so in master password dialog
Categories
(Core :: Security: PSM, defect, P3)
Tracking
()
NEW
People
(Reporter: rishi.maharaj, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: polish, Whiteboard: [psm-backlog])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050726 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050726 Firefox/1.0+ When an incorrect master password is entered, the master password dialog just pops up again, without giving feedback that the previously entered password was incorrect. It should say something like: +-------------------------------------------------------------------+ |Incorrect master password. | | | |Please enter the master password for the Software Security Device. | | _________________________________________________ | | |_________________________________________________| | +-------------------------------------------------------------------+ Reproducible: Always Steps to Reproduce: 1. Go to a form where Firefox has remembered the password. 2. On the master password prompt, enter an incorrect password. 3. Actual Results: Master password dialog pops up again without feedback. Expected Results: Password manager should give feedback re. incorrect password.
|
||
Comment 1•19 years ago
|
||
For what it's worth. We (and IE?) do the same thing with when a website prompts you to enter a password.
|
||
Comment 3•19 years ago
|
||
I can also reproduce this bug. I noticed the same issue if I try to view saved passwords and hit the 'Cancel' button instead of actually entering a password. The dialog reappears and you can hit cancel a few more times before it opens the password manager with no content. 'Cancel' should revert back to the previous screen without prompting again for the master password.
|
||
Updated•18 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 4•17 years ago
|
||
This prompt is in NSS. The fact that the dialog box stays technically lets you know that the entered password is invalid, so I think adding a note saying so could be a usability win without creating a security risk.
Assignee: nobody → nobody
Component: Password Manager → Libraries
Product: Firefox → NSS
QA Contact: password.manager → libraries
|
||
Comment 5•17 years ago
|
||
This is a request for a UI change. NSS does not do UI. No UI whatsoever.
Assignee: nobody → kengert
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
|
||
Updated•14 years ago
|
Assignee: kaie → nobody
Blocks: masterpassword
|
||
Comment 7•11 years ago
|
||
Hi, I would like to work on this bug. Would anyone be able to help me figure out what needs to be done to do this?
|
||
Updated•8 years ago
|
Whiteboard: [psm-backlog]
|
||
Comment 8•8 years ago
|
||
Firefox version 51. Similarly, Firefox will open with multiple tabs. If I happen to click on a tab which needs a username and password previously saved by the "Master Password" function, the "Master Password" request window will pop up. Unfortunately, cancelling it only produces another pop-up window, thus preventing me from doing anything with Firefox until the master password is entered. So in order to close Firefox I have to either enter the master password and then proceed to exit or use the Task Manager to close Firefox. I believe that a good browser would allow a person to cancel the request for a particular web page and not request the master password again until it's needed for a different URL or until you either click on a different tab and then return to the original tab or navigate away from the original URL and then return to it. Repeatable: Yes Behavior: "Master Password" request pop-up prevents use of Firefox until you correctly enter the master password. Expected behavior: If I cancel the request, no more pop-ups should appear while URL session is open.
|
||
Comment 9•7 years ago
|
||
(In reply to Scott Pierskalla from comment #8) > Expected behavior: If I cancel the request, no more pop-ups should appear while URL session is open. Scott, what you are describing might be bug 177175 I think.
|
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 10•6 years ago
|
||
This issue is particularly frustrating because when I mistype my master password, the prompt normally reappears on a different monitor. So I don't notice that the password was incorrect.
|
||
Updated•2 years ago
|
Severity: trivial → S4
|
||
Comment 11•2 years ago
|
||
The severity field for this bug is relatively low, S4. However, the bug has 11 votes.
:keeler, could you consider increasing the bug severity?
For more information, please visit auto_nag documentation.
Flags: needinfo?(dkeeler)
|
||
Comment 12•2 years ago
|
||
The last needinfo from me was triggered in error by recent activity on the bug. I'm clearing the needinfo since this is a very old bug and I don't know if it's still relevant.
Flags: needinfo?(dkeeler)
You need to log in
before you can comment on or make changes to this bug.
Description
•