Closed Bug 483387 Opened 15 years ago Closed 15 years ago

password forgotten on fake authentication error

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 121647

People

(Reporter: sysman, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.5) Gecko/2008120121 Firefox/3.0.5
Build Identifier: 2.0.0.18

If the remote server temporarily denies the login (eg. @gmail.com recently had problems) thunderbird deletes the stored password and asks again. If the user don't remembers the password, he can't login again until returning at home where he may have stored the passwords in a secure place. This is really a very annonying usability issue.

The easy fix (to travel with a copy of the passwords in a plain text file) would be a security risk added to the copy already kept by thunderbird itself.

Thunderbird correctly prompts for a new password in order to try to "update" it under authentication errors, but should NOT DELETE the last password stored until a new one is reported to work (in order to give the old password a new try, at least when the application is restarted).

Reproducible: Always
Same request as Bug 435306 ?
For IMAP case, especially for Gmail IMAP's frequent denial of login case, Bug 423354 exists and was already improved by patch for Bug 422814(trunk only).
sysman??
Component: General → Security
QA Contact: general → thunderbird
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.