776268 - Unnecessary Prompt for Master Password on Launching SeaMonkey

Status: NEW

(SeaMonkey :: Passwords & Permissions, defect)

Description

[David E. Ross]

Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120715 SeaMonkey/2.11

When I launch SeaMonkey, I get a popup dialogue requesting my master password although I am not doing anything that requires it.  This is NOT a new problem.  I have seen this since at least SeaMonkey 2.0.9.  

I thought it would be resolved by fixes to other bugs.  However, that is not happening when I see fixes for those other bugs implemented.  

Note that I do not use SeaMonkey for mail or newsgroups.  In any case, I do not see this problem with Thunderbird (Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20120713 Thunderbird/14.0).  Thus, I do not think this is a MailNews Core/Networking problem (e.g., bug #338549, which was supposedly fixed in Thunderbird 3; bug #560793, which was supposedly fixed in Thunderbird 13).  However, the MailNews Core fixes for bug #338549 or bug #560793 might be missing from SeaMonkey.  

The repeated assertion in bug #560792 as to that problem's unlikely occurrence indicates that this is a distinct problem.  

The details for bug #724296 clearly indicate that is a MAC-related problem.  I see this problem in Windows XP.  

The work-around for this problem is to set preference variable signon.startup.prompt to "False".

Comment 1

[therube]

Does the issue persist in a new, clean, Profile?

Since it does not, maybe you can find the trigger in your current Profile to resolve it on your end.

Thinking that over time as you've tested these various bugs, something got set, a pref & something "disk" related perhaps, that is causing this for you.  Like perhaps the simple existence of a /Mail/ directory in your Profile & or mail.* prefs in prefs.js.  Purge each of them & see what happens.

As you know, the work-around is what was used with Bug 338549 during that time.

Comment 2

[David E. Ross]

I did the following:  

1.  Create a new, clean profile.  

2.  Launch SeaMonkey in that profile in Safe Mode.  No request for the master password was displayed.  

3.  Login to a Web site that requires a user ID and password.  Accept the saving of that user ID and password.  Logout from the Web site.  

4.  On the SeaMonkey menu bar, selected [Edit > Preferences > Privacy & Security > Master Passwords], set a master password.  

5.  Terminate SeaMonkey.  

6.  Launch SeaMonkey.  Before even the browser window appeared on my monitor, there was a request for the master password.  

Conclusion:  Contrary to comment #1, the problem does indeed persist in a new, clean profile, even in Safe Mode.  What is required to see the problem is that a master password must have been explicitly set; it might also be necessary that a user ID and password exist in the Password Manager.

Comment 3

[therube]

(You never stated you had created a Master Password.)

1.  Create a new, clean profile.  

2.  Launch SeaMonkey in that profile in Safe Mode.  No request for the master password was displayed.  
 
 
4.  On the SeaMonkey menu bar, selected [Edit > Preferences > Privacy & Security > Master Passwords], set a master password.  

5.  Terminate SeaMonkey.  

6.  Launch SeaMonkey.  Before even the browser window appeared on my monitor, there was a request for the master password.
 
 
---

Confirmed.

Well is this then expected behavior?
It has been this way, Master Password prompt before the browser will open, at least from SeaMonkey 2.0.
(Mozilla 1.7.13 was not like that, but is difficult to run these days.)

Comment 4

[David E. Ross]

This should NOT be expected behavior.  It creates a security vulnerability in that my passwords become available for login without me wanting to login to any Web site.  

There are times when I do not login to any Web site during an entire session.  If I were then to walk away from my PC without terminating SeaMonkey (because I am in the middle of something and do not want to loose the session), anyone could then use my PC to access my bank and mutual fund accounts.