[tor-bugs] #30209 [Applications/Tor Browser]: logins.json data is added unencrypted, maybe thats why peolpe have problems with saved login data
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Apr 17 02:17:03 UTC 2019
#30209: logins.json data is added unencrypted, maybe thats why peolpe have problems
with saved login data
-------------------------------------+-------------------------------------
Reporter: sashaman | Owner: tbb-team
Type: defect | Status: new
Priority: High | Component: Applications/Tor
| Browser
Version: | Severity: Major
Keywords: encryption, cipher, | Actual Points:
tbb-8.0-issues, decryption, |
error, torbrowser, logins.json |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------+-------------------------------------
1)
install TB
disable always private surfing
enable saving login data
open a page with login form, logon and accept saving login data
data is being added to logins.json in unencrypted form
so far all seems right, but you will not be able to USE the saved logins
2)
go options again, set master pass, apply
add another login (go logon somewhere and save)
data is STILL being added to logins.json in UNENCRYPTED form (and
unencrypted is not being encrypted)
STILL not able to use the saved data
3)
copy over old logins.json and key4.db
voila, you can use it...
again try to add a new login to the old data -> same as 1) and 2) applies
implies the mechanism is broken
i can not find a fix
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30209>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list