[tor-bugs] #30209 [Applications/Tor Browser]: logins.json data is added unencrypted, maybe thats why peolpe have problems with saved login data

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Apr 17 02:17:03 UTC 2019


#30209: logins.json data is added unencrypted, maybe thats why peolpe have problems
with saved login data
-------------------------------------+-------------------------------------
 Reporter:  sashaman                 |          Owner:  tbb-team
     Type:  defect                   |         Status:  new
 Priority:  High                     |      Component:  Applications/Tor
                                     |  Browser
  Version:                           |       Severity:  Major
 Keywords:  encryption, cipher,      |  Actual Points:
  tbb-8.0-issues, decryption,        |
  error, torbrowser, logins.json     |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 1)
 install TB
 disable always private surfing
 enable saving login data
 open a page with login form, logon and accept saving login data
 data is being added to logins.json in unencrypted form
 so far all seems right, but you will not be able to USE the saved logins

 2)
 go options again, set master pass, apply
 add another login (go logon somewhere and save)
 data is STILL being added to logins.json in UNENCRYPTED form (and
 unencrypted is not being encrypted)
 STILL not able to use the saved data

 3)
 copy over old logins.json and key4.db
 voila, you can use it...
 again try to add a new login to the old data -> same as 1) and 2) applies

 implies the mechanism is broken
 i can not find a fix

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30209>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list