Closed Bug 537497 Opened 15 years ago Closed 15 years ago

Master Password provides false sense of security!

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 537499

People

(Reporter: thomas, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Lightning/1.0b1 Thunderbird/3.0

This is not a new security issue, probably existed since master password was first introduced.

If I have Master Password enabled in TB and am prompted to type in my master password when I start it. Then I only need to click cancel until I gain access to do more or less everything. I can read all, and receive new, emails stored on the computer, as well as change settings, until TB prompts about the password again at which point I again only need to click cancel...

When starting TB is even loading up all accounts in the background so everything that is visible on the startup screen can be read even when the password requester is still visible.

Even worse, I can even send emails without having to ever enter the master password. Sure, I will get a lot of master password requesters, but I just have to cancel them to be able to send emails.


Conclusion:

This renders the master password requester completely useless for anything but the possibility to read the passwords in plain text "Options/Security/Saved Passwords..."!

The result of this is that users will get a false sense of security, while they are in reality not protected at all, except from reading the passwords in plain text.


Proposed solution:

For the master password to be usable for anything outside "Options/Security/Saved Passwords..." a much more granular configuration is needed.

1 - Minimum protection is that it is needed to read (plain text) or change existing password.

This also need to have a timer so that after a configured time the requesters where I view or change saved passwords are closed or locked until I provide it again.

2 - Total control and configuration of how passwords are used outside Options.

- Before the main window opens I must enter the correct master password when I start TB.
- A hotkey to lock down any, or all, accounts. TB will then stop any activity that requires password as well as access to any information. This also includes sending email even if they don't require credentials.
- A timer that kicks in and locks TB after x amount of time not using actively using TB that will require the password to unlock.
- Password needed after waking up the computer from hibernation, stand by, etc. As well as if password is required to unlock computer from screen saver.
- Option to require password for sending emails.
- Optionally be able to configure, for example, individual email accounts different. This especially usable when requiring password when sending email.

Of course, the above will only protect access to the information from within TB. It wont protect against direct access to the files on the computer. To solve that encryption and other security features will be needed as well.

Reproducible: Always

Steps to Reproduce:
See details...
Actual Results:  
No information protection.

Expected Results:  
No access to any information or features without providing the master password. Basically TB is completely locked without it.
Added link to similar bug submission for Firefox.
See Also: → 537499
I agree with this. The way it works now is just an annoyance. I preferred it the was it was in TB 2 where the master password was only asked for when wanting to view the passwords in plain text. There is no point in asking for it upfront when TB starts if it doesn't provide any other security.
please do not file duplicates. and do not include unnecessary essays, they're just annoying.
Status: UNCONFIRMED → RESOLVED
Closed: 15 years ago
Resolution: --- → DUPLICATE
See Also: 537499
(In reply to comment #0)
> This is not a new security issue, probably existed since master password was
> first introduced.

Indeed, and that's why both

  http://www.mozilla.org/support/thunderbird/bugs and
  http://www.mozilla.org/quality/bug-writing-guidelines.html

actually tell you to check for duplicates *first*, before filing any new "bug". For Thunderbird, a search would have brought up at least these, I think:

 Bug 528198 - Cancelling master password dialog box allows full access
   to the program

 Bug 35308 -  password and encrypting protecting for mail folders

Ignoring basic bug filing guidelines is definitely wasting the time of the community.
OS: Windows XP → All
Hardware: x86 → All
You need to log in before you can comment on or make changes to this bug.