Closed Bug 313906 Opened 19 years ago Closed 19 years ago

Password Manager Vulnerability

Categories

(Toolkit :: Password Manager, defect)

Product:
Toolkit
Component:
Password Manager
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 259996

People

(Reporter: tremortime, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20051006 Firefox/1.4.1 By navigating to tools-->options-->security-->passwords-->view saved passwords-->show passwords all a users passwords will, by default, be displayed in clear text! This is a huge vulnerability issue!!! The only way to workaround this is akward. The user can set a master password, but this then also requires the user to type the master password every time the program starts (or on the first attempt to retrieve a saved password for a webpage for that particular FF session). Reproducible: Always
Severity: major → critical
Component: General → Password Manager
*** This bug has been marked as a duplicate of 259996 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
(In reply to comment #1) > > *** This bug has been marked as a duplicate of 259996 *** > why a duplicate, they only disabled a feature but now it's still a easy access. I can see all my passwords. Like sugested we should be asked to set a master password to activate the password manager features,at the choice of the user of course just to had this security feature. We should plan something like this for 2.0
Flags: blocking1.9a1?
Flags: blocking1.9a1?
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.