If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Password Manager Vulnerability

RESOLVED DUPLICATE of bug 259996

Status

()

Toolkit
Password Manager
--
critical
RESOLVED DUPLICATE of bug 259996
12 years ago
9 years ago

People

(Reporter: Michael, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1

By navigating to tools-->options-->security-->passwords-->view saved passwords-->show passwords all a users passwords will, by default, be displayed in clear text! This is a huge vulnerability issue!!! The only way to workaround this is akward. The user can set a master password, but this then also requires the user to type the master password every time the program starts (or on the first attempt to retrieve a saved password for a webpage for that particular FF session).

Reproducible: Always
(Reporter)

Updated

12 years ago
Severity: major → critical
Component: General → Password Manager

*** This bug has been marked as a duplicate of 259996 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE

Comment 2

12 years ago
(In reply to comment #1)
> 
> *** This bug has been marked as a duplicate of 259996 ***
> 

why a duplicate, they only disabled a feature but now it's still a easy access. I can see all my passwords. Like sugested we should be asked to set a master password to activate the password manager features,at the choice of the user of course just to had this security feature. We should plan something like this for 2.0

Updated

12 years ago
Flags: blocking1.9a1?

Updated

12 years ago
Flags: blocking1.9a1?
(Assignee)

Updated

9 years ago
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.