Master password should block access to cookies/active logins when not entered

RESOLVED INVALID

Status

()

Firefox
Security
P5
enhancement
RESOLVED INVALID
5 years ago
5 years ago

People

(Reporter: matthew.leather, Unassigned)

Tracking

23 Branch
x86_64
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

5 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0 (Beta/Release)
Build ID: 20130730113002

Steps to reproduce:

Enter an incorrect master password


Actual results:

Still able to access sites where the login is already active.


Expected results:

Should be unable to access these sites from a security standpoint.

Would also help to have a guest session system to prevent the enter your password spam from the master password when it's not entered.

Updated

5 years ago
Component: Untriaged → Security
Works as expected on Latest Nightly

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0(20130827030201)

> Steps to reproduce:
> Enter an incorrect master password

> Actual results:
> Still able to access sites where the login is already active.
This is expected to happen.

> Expected results:
> Should be unable to access these sites from a security standpoint.
This is not expected to happen. If you enter an incorrect master password in Options->Security->Saved Password you are not allowed to see the sites where you are already logged and theyr passwords. For example: 

1. login to facebook, and check keep me logged in option. 
2. Go to Options->Security and set a Master Password
3. Reopen Firefox and go to www.facebook.com

Expected:
After step 3 you must pe automatically loged in you fb account from step 1.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → INVALID
(Reporter)

Updated

5 years ago
Severity: normal → enhancement
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.