Thunderbird "strangely" stores IMAP/POP/LDAP credentials in password manager

RESOLVED FIXED in Thunderbird 3.0b2


12 years ago
10 years ago


(Reporter: damiano.albani, Unassigned)


Thunderbird 3.0b2

Firefox Tracking Flags

(Not tracked)




12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv: Gecko/20070310 Iceweasel/ (Debian-
Build Identifier: Thunderbird 2

When Thunderbird stores connection credentials for IMAP/POP servers into the password manager, the login is embedded in the property, e.g. :
         Host                  Username      Password
imap://        (empty)      <password>
mailbox://     (empty)      <password>

Is there any particular technical reason to this ?
I'm developing some kind of password management extension for Thunderbird and this behavior causes me some trouble.

The issue becomes more annoying with LDAP directories, as only the URI is stored in the host property, losing the "bind DN" information, which can be considered as the username in a way. So, as far as I understand it, it's not possible to have Thunderbird remember the passwords for 2 LDAP directories with the same URI but different bind DN, is it ?

On a side note, when you look at stored passwords in the "view saved passwords" window, there can be encoding issues at times, e.g. "firstname.surname" is displayed as "firstname%2Esurname". So I think username and password cells in the XUL tree should be passed through decodeURIComponent().
See <>

Reproducible: Always
This is currently being looked at as part of bug 239131. That bug may not fully resolve the LDAP problems. Marking as a dependency and we can revisit it once bug 239131 is fixed.
Depends on: 239131
Ever confirmed: true
Assignee: dveditz → nobody
The display of these are now fixed with the landing of bug 239131. LDAP directories are a different issue that is already filed.
Last Resolved: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 3.0b2
You need to log in before you can comment on or make changes to this bug.