Closed Bug 636396 Opened 13 years ago Closed 13 years ago

Master password bug in Thunderbird

Categories

(Thunderbird :: Preferences, defect)

x86
Windows 7
defect
Not set
major

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 318697

People

(Reporter: viktoras.gostevas, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; lt; rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7

After storing master password to protect thunderbird client. I found one bug that when i restart program clicking on Cancel button. The tab with password disappears and the password is just not needed. It happens after multiple pushings on Cancel.

Reproducible: Always
Summary: Security bug in Thunderbird → Master password bug in Thunderbird
The master password is only designed to protect your passwords (as it says in preferences). It is not designed to protect your email (which could be accessed via the hard disk), you should use OS-level protection for that.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
--- Comment #1 from Mark Banner (:standard8) <bugzilla@standard8.plus.com> 2011-02-24 12:42:07 PST ---
The master password is only designed to protect your passwords (as it says in
preferences). It is not designed to protect your email (which could be accessed
via the hard disk), you should use OS-level protection for that.

*** This bug has been marked as a duplicate of bug 318697 ***

So where do you mister think the email is comming out? From the HARD DISK wich is stored on OTHER PC HARD DISK. It has the route threw the ports of stored IP where computer is located. As it has the security for itself - its safe. What do you think about the user and its privacy. The SSL is being given to the OPENSOURCE projects as its confirmed with a law. E-mail is P2P client wich provides the comfort and the stability. Stability means security, and the security means stability. You must fix this bug. The user must be safe. And i'm not considering and talking just for like that. Thats not an issue. Its ours safety.
(In reply to comment #2)
> Stability means security, and the
> security means stability. You must fix this bug. The user must be safe. And i'm
> not considering and talking just for like that. Thats not an issue. Its ours
> safety.

The only way for the user to be safe to share a login with some form of password-protected email, would be to encrypt the mail storage on the disk.

The majority of users use OS level protection for that, because it is not just their emails that they want to protect, and they are satisfied with that level of protection. Other tools are available to encrypt hard drives or parts of hard drives, it is not something we plan to pursue as part of Thunderbird itself.
You need to log in before you can comment on or make changes to this bug.