If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Show password option is a security laps

RESOLVED DUPLICATE of bug 259996

Status

()

Toolkit
Password Manager
--
major
RESOLVED DUPLICATE of bug 259996
8 years ago
8 years ago

People

(Reporter: wajahat, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
Build Identifier: Mozilla Thunderbird version 2.0.0.22 (20090605)

Saved passwords can be disclosed by a few clicks. For corporate users this seems to be a major security laps as anyone having a little understanding can access emails of other people. For e.g. Junior IT support staff can retrieve and login to Senior management email accounts.

Although it can be avoided by setting a master password which is not disclosed but why set a password to protect passwords? The master password keeps prompting several time and causes irritation.

Reproducible: Always

Steps to Reproduce:
1.Navigate to Tools > Options > Privacy > Passwords
2.Click on Edit Saved Passwords.
3.A list of accounts saved by password manager will be displayed.
4.Click on Show Password and all passwords will be disclosed.
Component: Security → Password Manager
Product: Thunderbird → Toolkit
QA Contact: thunderbird → password.manager
Status: UNCONFIRMED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 259996
You need to log in before you can comment on or make changes to this bug.