X
Πατήστε εδώ για μετάβαση στην έκδοση της ιστοσελίδας για κινητές συσκευές.

Φόρουμ υποστήριξης

Logins & password save - a Serious security hole

Δημοσιεύτηκε

I set up two Windows accounts on my Windows 10 and synced the passwords and settings in only one account. To my surprise, when I login in the second account, every login and password was there without the master password. This means that any one using that account can see my password.

I think this is a really serious security hole and Firefox should fix it as soon as possible.

I set up two Windows accounts on my Windows 10 and synced the passwords and settings in only one account. To my surprise, when I login in the second account, every login and password was there without the master password. This means that any one using that account can see my password. I think this is a really serious security hole and Firefox should fix it as soon as possible.

Επιλεγμένη λύση

Each user should have a completely separate profile saved under their own Windows user folder. Not until you sign in to a Firefox Account should any data cross over. If you check your profile folder location, can you confirm that the folders for each of the two Windows accounts are stored under the correct Windows user? That is listed on the Troubleshooting Information page. Either:

  • "3-bar" menu button > "?" Help > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, check the Profile Folder row.

Ανάγνωση απάντησης σε πλαίσιο 0
Παράθεση

Επιπρόσθετες λεπτομέρειες συστήματος

Εφαρμογή

  • Πλατφόρμα χρήστη: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0

Περισσότερες πληροφορίες

jscher2000
  • Top 10 Contributor
8704 λύσεις 71122 απαντήσεις
Δημοσιεύτηκε

granite1005 said

I set up two Windows accounts on my Windows 10 and synced the passwords and settings in only one account. To my surprise, when I login in the second account, every login and password was there without the master password.

Hi granite1005, I'm not sure what you mean by "only one account." If there is a kind of data you don't want Sychronized, you should uncheck that box on the setup on the Options Page, Firefox Accounts settings, on all installations.

The Master Password feature is a local-only password that can't be synchronized, so every system you add to Sync will need to have its own Master Password set to secure locally saved logins. There should be a stronger warning on that.

''granite1005 [[#question-1267247|said]]'' <blockquote> I set up two Windows accounts on my Windows 10 and synced the passwords and settings in only one account. To my surprise, when I login in the second account, every login and password was there without the master password.</blockquote> Hi granite1005, I'm not sure what you mean by "only one account." If there is a kind of data you don't want Sychronized, you should uncheck that box on the setup on the Options Page, Firefox Accounts settings, on all installations. The Master Password feature is a local-only password that can't be synchronized, so every system you add to Sync will need to have its own Master Password set to secure locally saved logins. There should be a stronger warning on that.
Σάς φάνηκε χρήσιμο;
Παράθεση
Δημοσιεύτηκε

Ιδιοκτήτης ερώτησης

Hi Jscher2000,

I meaned I have two user accounts on Windows 10. I used one account and another person will use the other account.

When I log in my account on Windows 10, open Firefox and start to sync my data on Firefox. Then I log out my Windows account and login to my friend's one, opening Firefox --> All the data synced by Firefox in my Windows account were there although I haven't logined my Firefox account here yet.

It should have something to isolate data from one user to another one.

Last time, I did an experiments to copy the whole folder of FIREFOX in one computer and moved to another one. Then I opened the Firefox (on new computer) and to my surprise, I can see all the data from the old computer without any Master password.

I think this is very serious hole as if someone can log in your Windows account and copy all the folders by Firefox, they will access all of your data.

Hi Jscher2000, I meaned I have two user accounts on Windows 10. I used one account and another person will use the other account. When I log in my account on Windows 10, open Firefox and start to sync my data on Firefox. Then I log out my Windows account and login to my friend's one, opening Firefox --> All the data synced by Firefox in my Windows account were there although I haven't logined my Firefox account here yet. It should have something to isolate data from one user to another one. Last time, I did an experiments to copy the whole folder of FIREFOX in one computer and moved to another one. Then I opened the Firefox (on new computer) and to my surprise, I can see all the data from the old computer without any Master password. I think this is very serious hole as if someone can log in your Windows account and copy all the folders by Firefox, they will access all of your data.
Σάς φάνηκε χρήσιμο;
Παράθεση
jscher2000
  • Top 10 Contributor
8704 λύσεις 71122 απαντήσεις
Δημοσιεύτηκε

Επιλεγμένη λύση

Each user should have a completely separate profile saved under their own Windows user folder. Not until you sign in to a Firefox Account should any data cross over. If you check your profile folder location, can you confirm that the folders for each of the two Windows accounts are stored under the correct Windows user? That is listed on the Troubleshooting Information page. Either:

  • "3-bar" menu button > "?" Help > Troubleshooting Information
  • (menu bar) Help > Troubleshooting Information
  • type or paste about:support in the address bar and press Enter

In the first table on the page, check the Profile Folder row.

Each user should have a completely separate profile saved under their own Windows user folder. Not until you sign in to a Firefox Account should any data cross over. If you check your profile folder location, can you confirm that the folders for each of the two Windows accounts are stored under the correct Windows user? That is listed on the Troubleshooting Information page. Either: * "3-bar" menu button > "?" Help > Troubleshooting Information * (menu bar) Help > Troubleshooting Information * type or paste '''about:support''' in the address bar and press Enter In the first table on the page, check the Profile Folder row.
Σάς φάνηκε χρήσιμο;
Παράθεση
Κάντε μια ερώτηση

Πρέπει να συνδεθείτε στο λογαριασμό σας για να απαντήσετε στις δημοσιεύσεις. Παρακαλούμε ξεκινήστε μια νέα ερώτηση, αν δεν έχετε ήδη λογαριασμό.