Results 1 to 9 of 9

Thread: Firefox shows saved passwords without authentication

  1. #1
    Join Date
    Nov 2009
    Beans
    39
    Distro
    Ubuntu 10.04 Lucid Lynx

    Firefox shows saved passwords without authentication

    if you go to Edit > prefs > security and choose to show saved passwords they are displayed without entering root pw. This seems to be a huge security hole. How do we fix this?
    Think of the minutes of boot time I will save!

  2. #2
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    5,413
    Distro
    Xubuntu 14.04 Trusty Tahr

    Re: Firefox shows saved passwords without authentication

    Firefox keeps its saved passwords in/under your home directory. There is no need for the "root" or admin password to gain access. In fact, even users who don't have access to root are allowed to use firefox.

    Firefox does however have an option to password protect all the passwords (Edit -> Preferences -> Security -> Use a master password) in which case you have to enter the master password every time you start firefox. Once started, I can't remember if it wants the password again before you use "show passswords" on not. It would probably be better if it did, just in case someone else gets to your desk while you're away getting a coffee.

  3. #3
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Firefox shows saved passwords without authentication

    Either that, or encrypt your home directory.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  4. #4
    Join Date
    Aug 2008
    Location
    Brazil
    Beans
    12,497
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    Re: Firefox shows saved passwords without authentication

    Is not a security hole, is a convenience option. As already explained, you can encrypt Firefox's passwords using a Master password. Just look for that option in FF's preferences Security tab.

  5. #5
    Join Date
    Nov 2009
    Beans
    39
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Firefox shows saved passwords without authentication

    Convenience is a good thing; however, i find i am unable to say yes to anyone who needs to "hop onto the internet" using my computer anymore. Requiring a master pass to open FF is a bit much. The option needs some tweaking IMO
    Think of the minutes of boot time I will save!

  6. #6
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Firefox shows saved passwords without authentication

    Quote Originally Posted by blagosphere View Post
    Convenience is a good thing; however, i find i am unable to say yes to anyone who needs to "hop onto the internet" using my computer anymore. Requiring a master pass to open FF is a bit much. The option needs some tweaking IMO
    Indeed.

    If you wish to share your computer, check out the "guest" account.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  7. #7
    Join Date
    Aug 2008
    Location
    Brazil
    Beans
    12,497
    Distro
    Ubuntu Studio 12.04 Precise Pangolin

    Re: Firefox shows saved passwords without authentication

    Quote Originally Posted by bodhi.zazen View Post
    Indeed.

    If you wish to share your computer, check out the "guest" account.
    You could also create a Firefox guest profile.

  8. #8
    Join Date
    Apr 2006
    Location
    Montana
    Beans
    Hidden!
    Distro
    Kubuntu Development Release

    Re: Firefox shows saved passwords without authentication

    Quote Originally Posted by lovinglinux View Post
    You could also create a Firefox guest profile.
    True.

    I am always shocked by these kinds of threads. It is as if the light bulb is going off for the first time.

    "Hey if someone access my computer / account s/he has access to my data".

    Physical access = root access and the only "real" protection one has is encryption.

    Alternates to encryption include separate accounts (one per user) , guest accounts, and Linux permissions.
    There are two mistakes one can make along the road to truth...not going all the way, and not starting.
    --Prince Gautama Siddharta

    #ubuntuforums web interface

  9. #9
    Join Date
    May 2007
    Location
    The New Forest
    Beans
    Hidden!
    Distro
    Xubuntu Development Release

    Re: Firefox shows saved passwords without authentication

    You could also, of course, not actually use the option.
    Forum Social IRC Channel
    Xubuntu IRC Support
    Xubuntu Support

    Please do not PM me about Registration issues without having been asked to. I will tell you to post here

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •