Open ghost opened 8 years ago
I just gave it a try and the master password was requested. I think the master password prompt doesn't show up every single time a password is accessed; it has a short time interval during which the passwords are "unlocked".
Not when you want to display them in plaintext, like this extension does. Then the master password is always requested.
I wasn't prompted at all during the export.
a short time interval
Just tested it in Preferences
-> Security
-> Saved Logins...
. I was prompted every time I copied a password, the master password didn't remain unlocked.
As far as I can tell, this isn't a bug in the add-on, since it uses the Login Manager API, which is the one that decides when to prompt for the Master Password. If there's a bug, it's possibly on the Firefox side. Closing since I don't think there's anything that can be done in the add-on side.
Thanks, issue created at Bugzilla https://bugzilla.mozilla.org/show_bug.cgi?id=1284343
As far as I can tell, this isn't a bug in the add-on, since it uses the Login Manager API, which is the one that decides when to prompt for the Master Password. If there's a bug, it's possibly on the Firefox side. Closing since I don't think there's anything that can be done in the add-on side.
That's incorrect. When displaying passwords in plaintext to users (like exporting does) the consumer should be prompting for the master password as additional security. That's how the password manager UI works, the prompt before revealing isn't implemented by the loginmanager code itself, it's the UI which prompts. See https://dxr.mozilla.org/mozilla-central/rev/88bebcaca249aeaca9197382e89d35b02be8292e/toolkit/components/passwordmgr/content/passwordManager.js#494
Thanks for the info, I'll look into it.
Having a master password set, the export process doesn't require it to access the saved data.
Firefox 46.0b2 Debian stretch
I'd say this is a Firefox security issue, not a bug in the extension, but I'd prefer to confirm with you before reporting there.