Closed
Bug 526820
Opened 15 years ago
Closed 15 years ago
Requires master password immediately on every startup, though not
Categories
(Thunderbird :: Security, defect)
Tracking
(thunderbird3.1 beta2-fixed)
RESOLVED
FIXED
Thunderbird 3.1b2
| Tracking | Status | |
|---|---|---|
| thunderbird3.1 | --- | beta2-fixed |
People
(Reporter: dough, Assigned: standard8)
References
Details
(Whiteboard: [fixed by bug 560746])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5pre) Gecko/20091020 Shredder/3.0pre
Immediately upon startup it requires the master password. I'm on a dialup line and am not even connected to the internet yet. Also it's configured to never automatically get new mail, it only gets mail when I press "Get Mail".
Reproducible: Always
Steps to Reproduce:
1. Start up Shredder
2.
3.
Actual Results:
Immediately requests the master password.
Expected Results:
Should not request the master password until I have dialed up (which I do manually) and have asked Shredder to "Get Mail".
|
||
Updated•15 years ago
|
Component: General → Security
QA Contact: general → thunderbird
|
||
Comment 1•15 years ago
|
||
Doug, did you migrate from 2.0.0.x? Are you referring to Master password, or Account password?
There was this report on Hendrix from Tony <something> on 13 Nov 2009 regarding "Master" password. Is this same as what you see?
"I've downloaded and installed Thunderbird 3.0b4. At the first start it
successfully got all settings from my Thunderbird 2.0.0.23, but began to
ask me about 'password for security device'. I opened the
options/security dialog and saw that master password checkbox is set and
i can't remove it (because i was asked for the password, rly).
To double check - i run old thunderbird and saw that this checkbox is
not set. So, this looks like the migration problem."
Version: unspecified → 3.0
|
Reporter | |
Comment 2•15 years ago
|
||
In case it wasn't clear I had a master password on TB 2, so migration happened right for me. My complaint is just that it's asking for a password for no reason, since I've yet to do anything that required it.
|
|
||
Comment 3•15 years ago
|
||
(In reply to comment #2)
> In case it wasn't clear I had a master password on TB 2, so migration happened
> right for me. My complaint is just that it's asking for a password for no
> reason, since I've yet to do anything that required it.
Are you by any chance using secure connections with certificates ?
|
|
Reporter | |
Comment 4•15 years ago
|
||
> Are you by any chance using secure connections with certificates
Nope, no secure connection, ISP doesn't support it. The only associated password is my email account. Doesn't appear that the password for the PPP is in there, which is interesting... I guess because it's not actually associated with Thunderbird at all.
|
|
||
Comment 5•15 years ago
|
||
What is the value of signon.expireMasterPassword in your prefs.js file ?
|
|
Reporter | |
Comment 6•15 years ago
|
||
prefs.js is virgin, I haven't touched it. What's the default
value for that variable?
Sidenote, it would be nice if prefs.js had Windows line endings
on Windows.
|
|
||
Comment 7•15 years ago
|
||
default is false. you can find it via Tools > Options > Advanced > General > Config Editor. paste signon.expireMasterPassword in the the filter. non-bold indicates preferences is at the default setting
|
|
Reporter | |
Comment 8•15 years ago
|
||
Mine still has the default value of 'false'.
|
|
||
Comment 9•15 years ago
|
||
i'd guess the new password manager ask for password at startup by design, regardless of network state
|
|
Reporter | |
Comment 10•15 years ago
|
||
If it was by design, it's a bad design. It means you can't read mail offline without it wanting the master password. I did an experiment and answered Cancel to the request for the password and it comes back every 5 minutes asking for the password. This seems just like the behavior of the old version, with the exception that the old version was polite enough to wait 5 minutes after you started it up before asking the first time, it's now so impatient it can't wait.
|
||
Comment 11•15 years ago
|
||
Here is my issue: When I open Thunderbird 3.0 on Win XP (Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0) a box demands: "Please enter the Master Password for the Software Security Device". Now I do not have a Master Password and never have had a Master Password. There apparently is no way to stop Big Brother from asking me for a Master Password. So each time I hit "cancel" to bypass the unnecessary request and move on to entering my password for Thunderbird. Why has this demand been designed into Thunderbird 3.0? It was not present before I downloaded 3.0.
|
||
Comment 12•15 years ago
|
||
I wonder if you have somehow enabled FIPS mode. Can you check for me?
In Prefs/Advanced/Certificates/Security Devices... look on the right for a bunch of buttons like "Log In", and "Log Out". What does the last one say? Does it say "Enable FIPS", or "Disable FIPS"?
|
|
Reporter | |
Comment 13•15 years ago
|
||
"Enable FIPS"
|
Assignee | |
Comment 14•15 years ago
|
||
This was indeed by design, the underlying issues that caused us to make that design change initially have been fixed and we've now removed the forced prompt (bug 560746) for the Thunderbird 3.1 builds.
The fix will be in Thunderbird 3.1 beta 2 and later. Unfortunately it isn't able to be backported to the 3.0 builds.
Assignee: nobody → bugzilla
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
status-thunderbird3.1:
--- → beta2-fixed
Depends on: 560746
Resolution: --- → FIXED
Whiteboard: [fixed by bug 560746]
Target Milestone: --- → Thunderbird 3.1b2
You need to log in
before you can comment on or make changes to this bug.
Description
•