Closed Bug 306602 Opened 19 years ago Closed 19 years ago

mozilla/firefox percieved as insecure because password manager displays passwords in cleartext.

Categories

(Toolkit :: Password Manager, enhancement)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 259996

People

(Reporter: mozilla, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050721 Firefox/1.04 (Ubuntu package 1.0.6)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050721 Firefox/1.04 (Ubuntu package 1.0.6)

As per my comment to
http://verens.com/archives/2005/08/14/eircoms-webmasters-suck/  :
Any browser that has the ability to show you what passwords are used for the
sites you visit in cleartext should only do so if you have a master password set.
Having passwords displayed in clear text without having to enter a master
password is a security risk - anybody could start up Firefox, popup the Password
Manager and see what the actual passwords are. 
Unless the master password has been entered the other passwords should be
displayed as 'password bullets' instead of in cleartext.

Reproducible: Always

Steps to Reproduce:
1. get somebody I don't trust to start firefox on my browser
2. give him a biro and notepad to copy my username and passwords down
3. wish I'd set a master password first.

Actual Results:  
severe depression.

Expected Results:  
it shouldn't have displayed the passwords in cleartext unless a master password
had been entered.
If you let someone you don't trust on your computer, you've already lost.

*** This bug has been marked as a duplicate of 259996 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
v
Status: RESOLVED → VERIFIED
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.