Closed Bug 501297 Opened 16 years ago Closed 16 years ago

Show password option is a security laps

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 259996

People

(Reporter: wajahat, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Build Identifier: Mozilla Thunderbird version 2.0.0.22 (20090605) Saved passwords can be disclosed by a few clicks. For corporate users this seems to be a major security laps as anyone having a little understanding can access emails of other people. For e.g. Junior IT support staff can retrieve and login to Senior management email accounts. Although it can be avoided by setting a master password which is not disclosed but why set a password to protect passwords? The master password keeps prompting several time and causes irritation. Reproducible: Always Steps to Reproduce: 1.Navigate to Tools > Options > Privacy > Passwords 2.Click on Edit Saved Passwords. 3.A list of accounts saved by password manager will be displayed. 4.Click on Show Password and all passwords will be disclosed.
Component: Security → Password Manager
Product: Thunderbird → Toolkit
QA Contact: thunderbird → password.manager
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.