With custom authentication backend, passphrase default to "foo"

RESOLVED DUPLICATE of bug 570180

Status

()

RESOLVED DUPLICATE of bug 570180
9 years ago
2 months ago

People

(Reporter: znarfor, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

9 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4
Build Identifier: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.4) Gecko/20100611 Firefox/3.6.4

I'm using a customized Weave Server, with no code modification, just a custom authentication backend. Basically, the context is explained here: http://ladistribution.net/blog/2010/06/firefox-sync-now-available/

Because my user account is already existing, i don't choose the option "I’ve never used Sync before" but "I’m already using Sync on another computer" even if it's my first synchronization.

By following these steps, the synchronization works perfectly, but the Firefox UI doesn't ask me a passphrase. If I look later in the password manager (chrome://weave) the passphrase value is "foo".

For obvious security reasons, the UI should ask me a passphrase OR maybe use a randomly generated one, but should never use the passphrase "foo".

Reproducible: Always

Steps to Reproduce:
1. Use a custom Weave server with a custom authentication backend and user account already existing
2. Initialize the Firefox Sync extension with good parameters
Actual Results:  
no passphrase asked. passphrase default to "foo".

Expected Results:  
passphrase asked.
This is already fixed. Fix will be in 1.4.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 570180
(Assignee)

Updated

2 months ago
Component: Firefox Sync: Backend → Sync
Product: Cloud Services → Firefox
You need to log in before you can comment on or make changes to this bug.