Saved passwords function is not working unless signons.sqlite and key3.db files are deleted, or unless saved password is deleted by Password Manager

NEW
Unassigned

Status

Thunderbird
Security
--
major
10 years ago
2 years ago

People

(Reporter: Adolfo, Unassigned)

Tracking

({steps-wanted})

15 Branch
x86
Windows 7
steps-wanted

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [workaround in comment 28])

(Reporter)

Description

10 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-us) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20
Build Identifier: 2.0.0.14 (20080421)

Im using Google IMAP and POP from my mail server.
Almost every time that I open Thunderbird and press Send/Receive I get the prompt to type my password. I check the box to Save Password but it wont work.
I receive my messages as usually but when I close and open Thunderbird it asks sometimes the password.


Reproducible: Sometimes

Steps to Reproduce:
1. Press Send/receive button.
2. Fill the password information with "Save Password" checked.
3. Uses your thunderbird as usually.
4. Close and open your Thunderbird.
5. Repeat Step 1.
Actual Results:  
It asks for my password again.

Expected Results:  
It shouldn't ask anymore.

The time to check for new messages is set for 10 minutes.
I checked if the password is stored in Tools->Account Settings->Privacy->Passwords->Edit Passwords and it is!
There my email account is not in clear text. I mean:
e.g. My email account esilva@intsis.com.br
        The account stored there is esilva%40intsis%2Ecom%2Ebr

Workaround: Dont use "Save Passwords" function.
Duplicate of this bug: 441881
Duplicate of this bug: 218954
Marking new based on dups.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Updated

9 years ago
Version: unspecified → 2.0

Comment 4

9 years ago
more dupes? bug 469987, bug 488832.

Comment 5

6 years ago
What is the status of this?   I've been struggling with this for years and realized it's been captured since 2009.

If people aren't going to fix remember passwords in Thunderbird, I'd appreciate at least at updated workaround.   Maybe someone can write an Addon called "fix password" that manages this?

At one point, I thought I was able to delete the rogue memorized password and recreate it, but it's locked up again this morning and I can't shake it loose - thanks!

Comment 6

6 years ago
(In reply to tconrad1 from comment #5)
> What is the status of this?   I've been struggling with this for years and
> realized it's been captured since 2009.

Could you test it with a newer version of TB, please? Original post was about using version 2 which us pretty old now.

Anyway, using TB 15 on Ubuntu and not having this issue.

Changing to MacOS X on platform field, as it seems is what user in comment 0 was using,
OS: Windows XP → Mac OS X

Updated

6 years ago
Whiteboard: [closeme 2012-10-15]

Comment 7

6 years ago
Javi,

No, this still doesn't work in TB 15.0.1 on Windows 7 (not MacOs for me).   I've been stuck without this working for a *long* time.

I thought that I got it to work once by creating a manual entry in the Firefox password file.  I took a line and edited to what the TB one should look like (I thought).   Then I think I changed it there.  But then the password got lost again and I couldn't reproduce it.   I'm not 100% convinced that this worked though.   I leave TB open for months so once I have the password set (without the "remember" button set, because if I do that, I can't get email), so I can go months without entering a new password anyways.

Summary, TB 15.0.1

- Every time I start TB, I need to enter a password.
- If I check the remember password box, it will *not* connect to email server
- I know it remembered it an old password - when it pops up and displays the *'s, I can just highlight and change the 2 character that I change all the time and overwrite those characters with the current ones and it logs in.  But if I don't change them, it doesn't
- If someone could tell me where to find this stored away password, I would *really* appreciate it.  I just want to delete it.   You guys can fix the underlying bug later.

Thanks,
Tim

Comment 8

6 years ago
Changing to platform All because of Tim comment.
OS: Mac OS X → All

Updated

6 years ago
Whiteboard: [closeme 2012-10-15]

Updated

6 years ago
Version: 2.0 → 15

Comment 9

6 years ago
(In reply to tconrad1 from comment #7)
> - If I check the remember password box, it will *not* connect to email server
> - I know it remembered it an old password - when it pops up and displays the
> *'s, I can just highlight and change the 2 character that I change all the
> time and overwrite those characters with the current ones and it logs in. 
> But if I don't change them, it doesn't

This seems to point to a problem where the password is not updated. Just to be sure, Tim: the password that appears the first time you retrieve your mail is an old one and, once you change it, it is using the new -correct- one until you check the "Remember the password" check-box or quits TB?

> - If someone could tell me where to find this stored away password, I would
> *really* appreciate it.  I just want to delete it.   You guys can fix the
> underlying bug later.

You can try with the add-on Saved Password Editor.

Comment 10

6 years ago
Javi,

No, not exactly.   It never switches to the new one.  It seems to have this old password that it retrieves from memory.   I know it's that because I only cursor over the characters that I routinely update, change them, and it works for that session.   But it will not work if I check "remember password".  If that is checked, it keeps saying password incorrect.   It's just plain stuck somewhere.

I have the add-on password editor.   That doesn't work (at least as far as finding and editing the email password).   I thought I had fixed it once with that editor by creating a fake entry by hand with the correct login/password, but if it did work, it was only once and later I couldn't get that trick to work (if it ever did).  Same with trying to find and delete it with that tool.  I'm just used to the recipe of uncheck "save" and highlight the black circles with the wrong characters and fix them.  It's a pain though since this worked perfectly for years.  It also works if I retype all the password characters.

So once I have the new password accepted, the session works.   But if I restart thunderbird, it seems that it tries once with the "remembered" incorrect/old password, then brings up the dialog box to take action and redo it.  I've cleared caches and all the obvious things.  I don't know the inner workings of this, but if there was a "flush bad password" option, that would be fine for those of us with it stuck on some old one stored who-knows-where...

Thanks,
Tim

Comment 11

6 years ago
Then, it seems that the password is not updated from its current value.

A workaround that could work for you is to rename signons.sqlite and key3.db to .old (so, adding ".old" to both their filenames, signons.sqlite becoming signons.sqlite.old and so on). This should be done when TB is not running. Then, when restarting Thunderbird, it should ask you again for a password -the field should appear empty now- and recreate both files.

Comment 12

6 years ago
Javi - thanks, that workaround is perfect!   It started me up without a memorized paasword and the new one is kept (I verified by restarting Thunderbird).

Maybe this is minor importance to the Mozilla community, but it was a big problem for me.   It might be good to add your workaround to some FAQ page to make sure others can make use of this.  As I said, if you keep the remember button checked, it would never let you back in to your email, so many people would probably quit using this if it happened.

Thanks!
Tim

Comment 13

5 years ago
Update - Javi's suggestion worked - *until* the system required a password change.   Then it's messed up again.  I'll do the delete and restart, but a clue here suggests it's not the file that is corrupt.

Tim

Comment 14

5 years ago
Can someone please fix this?   I need to come here every three months and figure out which files to delete.  This is awful!   At least add a button called "purge corrupt passwords" please!

Comment 15

5 years ago
Javi's fix still works - but can someone make it so I don't need to delete the app data files once a quarter to use this program?   Something corrupts them (ie, thunderbird).   There must be something more fundamentally wrong here.

Comment 16

5 years ago
(In reply to tconrad1 from comment #13)
> Update - Javi's suggestion worked - *until* the system required a password
> change.   Then it's messed up again.  I'll do the delete and restart, but a
> clue here suggests it's not the file that is corrupt.
> 
> Tim

Just to clarify: by "system" do you mean "mail server"?

As always, in order to fix issue, a replication of it is needed. If people cannot replicate it, it is unlikely to be solved. I am not saying it is just a problem only appearing to you, though.

Comment 17

5 years ago
Javi,

Yes, our mail server requires a password change each quarter.  After that happens, Thunderbird will not update the password such that it automatically logs in unless I delete those files.

I have tried various options to log back in after a password change, including using the Firefox password changer (which works other web sites).  Regardless, the password doesn't get updated and Thunderbird appears to keep sending the old password.   If I enter a new password, but not click the "save" option, I think I can get it to run (but it will later come back with the window to enter the password).

Yesterday, when I did this, it seemed like this was the pattern, if I remember it correctly:

 - I deleted the files you mention
 - I start up thunderbird
 - it asks for the password, I enter it and click to remember it
 - oddly, it came back with the same password panel, and when I went to click on it, it went away and the mail came up.  I was wondering why the password seemed wrong, but it actually was correct because it connected.  Since then, it's remained connected or reconnected correctly.

So if I delete both files, it always works.  I think I'm up to ".bak5" version of them.  The failure seems to be that Thunderbird does not update these files or even accept updates from the Firefox password edit.

Thanks,
Tim

Comment 18

5 years ago
The problem about password not being updated is also on bug 563567. The thing is that I am unsure if all of this is a Preferences problem.

Logins and Password belongs to the Security component. Anyway, this Bugzilla component seems to have become where most of the issues end, either are related to settings or not.

At the official documentation it is noted that the procedure to update password is to delete old pssword and add it the new one. However, on Security/Passords dialog there is no "add password" button.

I have been reading a little bit about interfaces related to passwords and have found that Password Manager was the old Toolkit Service, which didn't provide a way to update passwords. The new one is Login Manager. It provides a function to change the password programmatically: modifyLogin.

I have been comparing both Mozilla browser (on m-c) and Thunderbird (on c-c) and I found no differences at first sight. I will continue to look at this.

Finally, Tim, it is unnceseary to remember us the problem is still there. There are people -7 of them right now- following this bug so it is easy some of them are testing periodically about its resolution. Myself is on that list :)

Thank you for your patience and by not stop using Thunderbird. I hope the issue is going to be solved possitively in the near future.

Updated

4 years ago
Duplicate of this bug: 857272

Comment 20

4 years ago
(In reply to Javi Rueda from comment #18)
> Logins and Password belongs to the Security component. Anyway, this Bugzilla
> component seems to have become where most of the issues end, either are
> related to settings or not.

yes, security is probably the place for these. 

https://bugzilla.mozilla.org/buglist.cgi?f1=short_desc&list_id=11059016&short_desc=password&o1=nowordssubstr&resolution=---&classification=Client%20Software&classification=Components&query_format=advanced&f2=OP&short_desc_type=allwordssubstr&v1=autoconfig&component=Account%20Manager&component=Preferences&product=MailNews%20Core&product=Thunderbird may contain some more duplicates. Can you check them too please?
Severity: minor → normal
Component: Preferences → Security
Whiteboard: [duptome]

Comment 22

4 years ago
actually the granddaddy may be bug 244111, where rsx11m and others have comments
Whiteboard: [duptome]

Comment 23

4 years ago
I am unsure, Wayne. Bug 244111 is about the fact that TB didn't download messages once the correct password was filled.

Updated

4 years ago
Duplicate of this bug: 638734

Updated

4 years ago
Duplicate of this bug: 998318

Updated

4 years ago
Duplicate of this bug: 903295

Comment 27

3 years ago
DO we have a set of steps to reliably reproduce?
Flags: needinfo?(leofigueres)
Keywords: steps-wanted
See Also: → bug 244111
Summary: Saved passwords function is not working. → Saved passwords function is not working unless passwords unless signons.sqlite and key3.db are deleted

Comment 28

3 years ago
Steps are indicated in comment 0. However, the bug title also describes a workaround, taken from my comment 11.

Since Mozilla 32 it seems that the correct file to delete is logins.json, which replace signons.sqlite. It can be found on the profile directory.

http://kb.mozillazine.org/Password_Manager describes how to re-import data.

I have been unabvle to reproduce this bug on any of my available systems -Ubuntu on a VM and a real OS X- so I cannot tell if it is working.

Tim, could you test this new workaround, please? Thank you.
Flags: needinfo?(leofigueres) → needinfo?(tconrad1)
OS: All → Other
Summary: Saved passwords function is not working unless passwords unless signons.sqlite and key3.db are deleted → Saved passwords function is not working unless signons.sqlite and key3.db files are deleted
Whiteboard: [workaround in comment 11]

Updated

3 years ago
OS: Other → Windows 7

Comment 29

3 years ago
OK, next time our corporate password changes, I'll try the new stuff (last time I did the old workaround and it was still working).

Thanks!
Flags: needinfo?(tconrad1)

Comment 30

3 years ago
Guys, this is driving my customer OUT OF THEIR MINDS!  Yes I am shouting.  Please fix this.

By the way, setting the files to read only only works until the next update.   AAAAHHHHHHHHHHHHHHH!!!!!

Comment 31

3 years ago
(In reply to Todd from comment #30)
> Guys, this is driving my customer OUT OF THEIR MINDS!  Yes I am shouting. 
> Please fix this.
> 
> By the way, setting the files to read only only works until the next update.
> AAAAHHHHHHHHHHHHHHH!!!!!

The Document Foundation, home of LibreOffice, has a policy that it is not the responsibility of the core team to fix bugs, rather it is the responsibility of service partners. After all, you are making money supporting your customers, I am not. While this is not currently the formal policy of the Thunderbird project, it is a great idea. So patches are welcome, particularly from people with customers who are being plagued by this.

Perhaps you could investigate this and submit a patch?

Comment 32

3 years ago
1) what does Document Foundation have to do with Mozilla and why do you care what their policies are?

2) I make ZERO off of reporting bugs.  The time I spend reporting and documenting and NEEDINFO costs me DEARLY.

3) The maintainers of signons.sqlite and key3.db are the proper persons to fix this bug, not me.  I am not a programmer and wouldn't have a clue how to go about fixing it.  I can only help troubleshoot it for FREE.

FIX THIS!

Comment 33

3 years ago
Kent, all, I don't want to debate who should fix this, but I would say that there are probably few of us with this problem (who have waited patiently since 2008 for a fix) that can fix this.   I don't know much about these db files, but I do know that the number of people who have a problem and take the time to create an account, document the problem, and do debug on it (eg me) is pretty small and probably represents a significant number of other users who gave up or moved on.

I don't know what Todd above does, but I'm just an email user and it's extremely frustrating to see something like a locked password and not see it get fixed after 7 years....

Tim

Comment 34

3 years ago
There should be some clues here.

found a bad logins.json.

I had Read Only the original logins.json, something screwed up and Thunderbird decided to write to it.  Thunderbird could not, so it created a logins.json.tmp:

{"nextId":2,"logins":[],"disabledHosts":[],"version":1}

The user exited Thunderbird, restarted Thunderbird, Thunderbird re-read the original Read Only logins.json, and happy camping was returned.

The proper one looks like this (I have removed the passwords and replaced them with "abc"):

{"nextId":2,"logins":[{"id":1,"hostname":"smtp://smtpout.secureserver.net","httpRealm":"smtp://smtpout.secureserver.net","formSubmitURL":null,"usernameField":"","passwordField":"","encryptedUsername":"abc","encryptedPassword":"abc","guid":"{aacfc240-3394-4937-868c-93f3cd92c746}","encType":1,"timeCreated":1449168460221,"timeLastUsed":1449168460221,"timePasswordChanged":1449168460221,"timesUsed":1}],"disabledHosts":[],"version":1}

All of the above troubleshooting was done for FREE.

Updated

2 years ago
Duplicate of this bug: 1170331

Updated

2 years ago
Whiteboard: [workaround in comment 11] → [workaround in comment 28]

Comment 36

2 years ago
Guys !!!!

One of my customer's five facilities has to send out 640 invoices at the end of every month.  If I am not around to remote into their system to fix this, they have to enter the password 640 times.  Reentering the password and pressing save password doesn't work unless I delete those two files.  And that procedure is over their technical expertise.

***  I CAN NOT BEGIN TO TELL YOU HOW ANGRY THE CUSTOMER IS OVER THIS !!!  ***  You would be too.

I have plenty of before and after stuff to send you, must must send you privately. YOU ARE THE MOZILLA FOUNDATION, NOT MICROSOFT OR OPEN OFFICE!  YOU FIX THINGS!

Please stop dragging your butts and fix this.

Comment 37

2 years ago
(In reply to Todd from comment #30)
> By the way, setting the files to read only only works until the next update.

How does setting the files to read only helpful? 
What else must be done to make this an effective (temporary) workaround?
By update - do you mean Thunderbird update?  
What happens to the files on update? (Seems to me Thunderbird shouldn't be touching them)
Flags: needinfo?(ToddAndMargo)

Comment 38

2 years ago
Thank you for helping me with this.  My customer is really, really **** (an understatement).

(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #37)
> (In reply to Todd from comment #30)
> > By the way, setting the files to read only only works until the next update.

Depending on the update, I have had the installer remove the "read only" tag from "logins.json" and "session.json".  It does not always happen.

> 
> How does setting the files to read only helpful? 

It takes about five times as long for the issue to reappear.  When it does, I find Thunderbird has created "logins.json.tmp" and "session.json.tmp" files.  Erasing the tmp files does no good either.  I have to erase "logins.json" and "session.json" as well and reenter and resaving the outgoing password.

> What else must be done to make this an effective (temporary) workaround?

I have to erase "logins.json" and "session.json" and logins.json.tmp" and "session.json.tmp" as well and reenter and resave the outgoing password.

> By update - do you mean Thunderbird update?  

I couldn't find the remark.  I presume I was referring to re-entering and re-saving the outgoing password.  If I do not erase those two files (or four files), the password has to be entered each and every outgoing mail.  The mail will go out each time the password is re-entered.  Clicking save has no effect.

> What happens to the files on update? (Seems to me Thunderbird shouldn't be
> touching them)

If you mean Thunderbird update, normally nothing, unless the installer resets the read only flags on those two files.

I have before and after of these files, if that helps.

Why won't clicking "save" update these files unless I erase them and start over?
Flags: needinfo?(ToddAndMargo)

Comment 39

2 years ago
(In reply to Todd from comment #38)
> Thank you for helping me with this.  

sure. bear in mind I no expertise in this area. but let's investigate and try to bring in the right people


> Why won't clicking "save" update these files unless I erase them and start over?

Someone on IRC speculated "when password needs to be updated every three months, it looks like an enterprise install... there's probably some group policy that prevents the file from being updated/write"
Comment hidden (metoo)

Comment 41

2 years ago
Just fixed a guy on 45.3.0, Wind7 Pro x 64, Go Daddy (secure server), iMap and SMTP.  Thunderbird properly stored his iMap password, but this bug nailed his outgoing eMail.  It would not save his SMTP password and prompted every time he went to send a message.
FYI.
Following is copy of Bug 855373 Comment #2. Following is description on POP3, but it's applicable to SMTP server too. Some SMTP servers immediately close connection just after login failure or just after succesful QUIT completion.

*** copy of comment ***

There are known unplesant server behaviours after login failure by password error and not-so-well setups around login.

(a) Server closes connection immediately.
    Tb doesn't clear saved password immediately by the login error,
    because there is no way to know "login failure is by wrong 
    password", and in order to avoid "account deactivation by server
    due to too many login attemps by other reason than wrong password".
    And, saved password is cleard and new password is saved after
    successfull login by newly entered password.
    In POP3, Tb has problem of "connection kill by server just
    after loign failure is not well processed". So, Tb requests
    CAPA command and waits for CAPA response in order to retry with
    newly entered password, and it fails again because of timeout.
    In this case, because saved password(wrong password) is not
    cleared yet, same thing happens again.

(b) Server advitises wrong login methods.
    When multiple login methods are advertised by server(call loginA
    and loginB), Tb tries other method when first method fails.
    If first loginA fails by wrong password, because there is no way to
    kow reason why login fails, Tb tries loginB.
    If the advertised loginB is not supported by server, loginB with
    saved(wrong) password also fails.
    In such case, if server closes connection because of "continuous
    login attempts failure", same thing as (a) happens.
    "non supported loginB" is server side configuration error. 

In any of above, "clear password by Password Manager in Tb" works well, unless account is deactivated due to "multiple login failure by wrong password".

Updated

2 years ago
Severity: normal → major

Comment 43

2 years ago
(In reply to Wayne Mery (:wsmwk, NI for questions) from comment #39)
> Someone on IRC speculated "when password needs to be updated every three
> months, it looks like an enterprise install... there's probably some group
> policy that prevents the file from being updated/write"

Todd, have you investigated this theory? Are you able to write to the logins.json file manually using some editor while TB is closed (of course backup the file)?

Comment 44

2 years ago
(In reply to :aceman from comment #43)
> (In reply to Wayne Mery (:wsmwk, NI for questions) from comment #39)
> > Someone on IRC speculated "when password needs to be updated every three
> > months, it looks like an enterprise install... there's probably some group
> > policy that prevents the file from being updated/write"
> 
> Todd, have you investigated this theory? Are you able to write to the
> logins.json file manually using some editor while TB is closed (of course
> backup the file)?

I will have to wait for one to screw up again.

If it helps, I can easily delete and/or rename the thing

Updated

2 years ago
Duplicate of this bug: 855373
Summary: Saved passwords function is not working unless signons.sqlite and key3.db files are deleted → Saved passwords function is not working unless signons.sqlite and key3.db files are deleted, or unless saved password is deleted by Password Manager
You need to log in before you can comment on or make changes to this bug.