master password bug in mozilla thunderbird
To whom it may concern,
Hi, my name is ashim roy. i think i may have found a serious security flaw in thunderbird master password for locking and unlocking the app.
i can open the app, access all the emails, change settings. passwords, even see the passwords for all my emails without trying a single masterpassword. when you click the thunderbird icon to open the app the masterpassword prompt pops up asking for the password, all you have to do is click cancel and it opens up the app. you can click on any email again it will ask for the master password just click cancel and you will have access to all the emails. sometime it asks you two or three times for the password when you click something but it doesn't matter just click cancel and continue with your task.
It beast the whole purpose of the master password when anybody can just have access to your emails, passwords, your contact lists, everything. the thunderbird version 78.13.0(64-bit), OS Name: Ubuntu 21.04, OS Type:(64-bit), GNOME Version: 3.38.5, Windowing System: Wayland
Τροποποιήθηκε στις
Όλες οι απαντήσεις (3)
Master password is not intended to protect the emails on your computer - it's to protect passwords.
To protect the contents of your computer, including mail, that's what your user account on the computer is for.
I think you misunderstood me. I wasn’t talking about user account password for my pc. I was specifically talking about master password for Mozilla thunderbird that one can create to lock the mozilla thunderbird app so nobody else can open it when somebody else using my pc.