525916 - when not using a master password, Weave passwords are stored in plaintext

Status: RESOLVED DUPLICATE of bug 533025

(Firefox :: Sync, defect)

Description

[Shi Sherebrin]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4

In the Tools|Options|Security panel, I have "Remember passwords for sites" not checked, and yet Weave is still storing my password - there used to be an option to have Weave sign in automatically, now it seems to do so without giving me a choice.  Certainly, automatic sign-in is more convenient but the user should be warned that this is being done and that s/he should set a master password if that's not already done.

Reproducible: Always

Steps to Reproduce:
1. don't have a master password set or "Remember passwords for sites" checked off
2. sign out
3. check the Saved Passwords area, you should be able to "Show passwords" in plaintext
Actual Results:  
Weave passwords appear in plaintext

Expected Results:  
Passwords should not automatically be stored unencrypted if "Remember passwords for sites" is not checked.  Instead the user should be asked to sign in each time, and given the option to remember the password - if that option is taken, a suggestion should be given to the user to set a master password if that's not yet done.

Comment 1

[Mike Connor [:mconnor]]

The summary of this bug is sort of strange.  Firefox does not store any passwords in an encrypted fashion if the user doesn't have a master password, but that's a Firefox behaviour.  The rest is a dupe of bug 533025

Comment 2

[Shi Sherebrin]

thanks for connecting this with the duplicate, I'll comment further there.