
PasswordFox can reveal passwords stored in FF (58) profile even if there is master password?
PasswordFox utility from http://www.nirsoft.net/utils/passwordfox.html can reveal passwords stored in FF (58) profile even if there is master password?! I tested this on two computers.
This is possibly a serious security issue?
Regards
All Replies (8)
Unless you tell PasswordFox your master password, I don't know how it would figure it out.
Are you sure you have a Master Password set up on each of your Firefox installations? That is a separate step from your Firefox Account + Sync setup. This article has the details:
Use a Primary Password to protect stored logins and passwords
FF master password set (on both computers), NOT sync password!
Hi, I am not able to reproduce that. Are you sure you're pointing (F9) the utility to the right profile folder with the master password set? Does it also work while Firefox isn't running?
No, I did not tell PasswordFox my master pwd., and it is pointed to the right FF profile. I tested it on my wife's laptop and it behaves the same...
Our FF profiles are not in the default place, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\q7lkqlyv.default, they are on another partition/folder; this is the only thing I can think of?
This behavior is really unbelievable, regards
joe2567 said
Our FF profiles are not in the default place, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\q7lkqlyv.default, they are on another partition/folder; this is the only thing I can think of?
As long as Firefox is regularly prompting you to enter your Master Password to use your saved logins or when you want to view them on the Options page, the feature should be working and the folder location should not matter.
Are there any legacy password files in that profile like key3.db or signons.sqlite?
Current Firefox releases use logins.json (passwords) and key4.db (encryption key), so you can remove or back up key3.db and any signons files or files that have .corrupt appended.
Chosen Solution
There were "key3.db" and "history.json.corrupt" files, so I removed them. Now PasswordFox can't read passwords at all, even if I remove the master pwd. from FF, but I can live with that.
Thank you
If you can't read existing passwords or add new passwords then remove or rename logins.json and key4.db (and key3.db) to start with fresh files.
If you still have the key3.db file then remove key4.db and try logins.json and key3.db to see if a new migration works.
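A way to check a profile folder for the leftover files named in the replies above (key3.db, signons files, anything ending in .corrupt) next to the current logins.json and key4.db. This is an added example, not part of the original thread or of Firefox; the function names, category labels and the sample profile are assumptions made for illustration.

```python
import sys
import tempfile
from pathlib import Path

# File names taken from the thread; the category labels are this example's own.
CURRENT_STORE = {"logins.json", "key4.db"}

def classify(name):
    """Map a profile file name to a category from the thread, or None."""
    n = name.lower()
    if n.endswith(".corrupt"):
        return "corrupt-copy"
    if n == "key3.db":
        return "legacy-key"
    if n.startswith("signons"):
        return "legacy-logins"
    if n in CURRENT_STORE:
        return "current"
    return None

def audit_profile(profile_dir):
    """Return {category: [file names]} for the files the thread discusses."""
    findings = {}
    for entry in sorted(Path(profile_dir).iterdir()):
        kind = classify(entry.name) if entry.is_file() else None
        if kind:
            findings.setdefault(kind, []).append(entry.name)
    return findings

def stale_files(profile_dir):
    """Leftovers to back up or remove, reported only when logins.json and
    key4.db both exist, so a profile still depending on key3.db is left alone."""
    found = audit_profile(profile_dir)
    if {n.lower() for n in found.get("current", [])} != CURRENT_STORE:
        return []
    return sorted(n for k, names in found.items() if k != "current" for n in names)

def make_sample_profile(root, names):
    """Create empty placeholder files (constructed sample, no real data)."""
    for n in names:
        (Path(root) / n).touch()
    return root

if __name__ == "__main__":
    if len(sys.argv) > 1:
        target = sys.argv[1]  # path to a real profile folder
    else:
        target = make_sample_profile(tempfile.mkdtemp(), [
            "logins.json", "key4.db", "key3.db", "history.json.corrupt", "prefs.js"])
    print(target, audit_profile(target), stale_files(target), sep="\n")
```

Run it with the profile folder as the only argument while Firefox is closed; the script only lists files and never deletes anything.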