Closed Bug 719548 Opened 13 years ago Closed 13 years ago

Password Manager should use dpapi (windows login encryption)

Categories

(Core :: Security, defect)

Product:
Core
Component:
Security
Version:
9 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: lean-bugzilla, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Build ID: 20111220165912

Steps to reproduce:

my computer was stolen


Actual results:

the thief got all my passwords


Expected results:

firefox should have usen the windows login (dpapi), to encrypt passwords
or the user should have set a masterpassword or encrypt his user home directory.
Whiteboard: dupeme
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Whiteboard: dupeme

This needs to be fixed.
Having to introduce the master password everytime you open the browser is inconvenient -> suggesting this is not a fix.

With windows DPAPI, you don't have to do this anymore. This is how it works on most chromium browsers...

(In reply to diogovalada.7 from comment #2)

This needs to be fixed.
Having to introduce the master password everytime you open the browser is inconvenient -> suggesting this is not a fix.

With windows DPAPI, you don't have to do this anymore. This is how it works on most chromium browsers...

This is now Bug 1562324 to use the existing OSKeystore mechanism to generally replace Master Password. There's a lot of UX work that has to happen for that, though.

You need to log in before you can comment on or make changes to this bug.