Closed
Bug 313906
Opened 19 years ago
Closed 19 years ago
Password Manager Vulnerability
Categories
(Toolkit :: Password Manager, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 259996
People
(Reporter: tremortime, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1
By navigating to tools-->options-->security-->passwords-->view saved passwords-->show passwords all a users passwords will, by default, be displayed in clear text! This is a huge vulnerability issue!!! The only way to workaround this is akward. The user can set a master password, but this then also requires the user to type the master password every time the program starts (or on the first attempt to retrieve a saved password for a webpage for that particular FF session).
Reproducible: Always
Severity: major → critical
Component: General → Password Manager
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 259996 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Comment 2•19 years ago
|
||
(In reply to comment #1)
>
> *** This bug has been marked as a duplicate of 259996 ***
>
why a duplicate, they only disabled a feature but now it's still a easy access. I can see all my passwords. Like sugested we should be asked to set a master password to activate the password manager features,at the choice of the user of course just to had this security feature. We should plan something like this for 2.0
Updated•19 years ago
|
Flags: blocking1.9a1?
Updated•19 years ago
|
Flags: blocking1.9a1?
Assignee | ||
Updated•16 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•