---
Want to back this issue? **[Post a bounty on it!](https://www.bountysource.com/issues/83722250-firefox-extension-security-issue?utm_campaign=plugin&utm_content=tracker%2F52236699&utm_medium=issues&utm_source=github)** We accept bounties via [Bountysource](https://www.bountysource.com/?utm_campaign=plugin&utm_content=tracker%2F52236699&utm_medium=issues&utm_source=github).
Good morning all,
I just discovered, but maybe this is already known:,
When the Passman extension is installed on Firefox.
If 2-step authentication is enabled for your Nextcloud account.
If your safe is unlocked on the extension.
By refreshing your homepage with the address:
https: // your_cloud / apps / files /
The connection to the nexcloud account is then done automatically using the password of the application defined in the 2-step authentication settings.
And besides passes authentication in 2 steps.
Steps to reproduce
Go to the address https: // your_cloud / apps / files /
Unlock your Firefox Passman extesion
Refresh the page: https: // your_cloud / apps / files /
You are connected
Passman version: 2.3.4
Extension version: 2.11
Web Browser Firefox
Nextcloud version: 17.0.1