bypass master-pw by beeing quick
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
firefox-3.0 (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: firefox-3.0
Ubuntu Studio Hardy Heron
Package Firefox 3.0+nobinonly-
Situation:
A Master-pw is set, it is required to enter it once in a session when there is a webpage for which I safed he log-in information. The 'secure login' add-on is installed, for opera-style 'safed login information gets entered when you press the button, instead of right away'.
What should happen:
I start firefox, lots of pages get loaded from the last session. I don't wait for all the pages to load, instead I go to a tab with a page with a log-in.
I hit the 'secure log-in'-button. The request for the master password pops up. After I entered the master-pw I get logged in OR need to hit the 'secure-log-in' button again to get logged in.
What happens:
I hit the 'secure log-in'-button, and get logged in. At some point, the request for the master password pops up. At this point of time I'm already logged in and the master-pw request is useless.
I didn't test it further but I think that there are possibly other cases where the master-pw can be bypassed in a similar manner.
Changed in firefox-3.0 (Ubuntu): | |
status: | Incomplete → Invalid |
Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you? Could you try to reproduce the same with Ubuntu 8.10 or 9.04? Thanks in advance.