Шукати в статтях підтримки

Остерігайтеся нападів зловмисників. Mozilla ніколи не просить вас зателефонувати, надіслати номер телефону у повідомленні або поділитися з кимось особистими даними. Будь ласка, повідомте про підозрілі дії за допомогою меню “Повідомити про зловживання”

Докладніше

Ця тема перенесена в архів. Якщо вам потрібна допомога, запитайте.

Login Password can be bypassed by cancelling 3 times

  • 5 відповідей
  • 5 мають цю проблему
  • 7 переглядів
  • Остання відповідь від Robert5040

more options

If I cancel the password prompt 3 times, Thunderbird allows me access as though I had put in the correct login password.

Windows 10; Thunderbird 38.2.0

If I cancel the password prompt 3 times, Thunderbird allows me access as though I had put in the correct login password. Windows 10; Thunderbird 38.2.0

Усі відповіді (5)

more options

Does it let you download new messages, or send messages?

Змінено Zenos

more options

Yes, I can send and download messages ... everything as though I had put in the password.

more options

Sorry, my apologies ... It doesn't allow me to send/receive messages, but I can view all the messages.

more options

Well, strange as it may seem, Thunderbird is working as designed.

For your convenience, it stores passwords so you don't have to key them in every time you open Thunderbird. It allows these stored passwords to be protected by a Master Password, so only someone who knows the Master Password will be allowed to use or see the stored passwords.

It wasn't designed to protect the contents of your messages; the assumption was that you'd get this type of security via the Operating System's user accounts. So if you leave your computer unattended, you'd perhaps want everything to be locked down via a password-protected screensaver.

More here: http://kb.mozillazine.org/Protecting_the_contents_of_the_profile_-_mail

Personally I use the Startup Master add-on: https://addons.mozilla.org/en-GB/thunderbird/addon/startupmaster/

It prevents the situation you report; if a good password isn't entered, it simply closes Thunderbird without the user having sight of any of your email folders. It is weak protection, since a savvy user might know to start Thunderbird in Safe Mode thereby disabling this add-on, or he might know how to browse to your mail stores and read them in a regular text editor. But it's effective in stopping most people from opening your Thunderbird. But of no help if you have opened it up yourself and have left it unattended - again, a system password should be used to keep unauthorised people away.

more options

Many thanks ... yes, this is very strange security indeed! I must say that the mechanism used by Outlook is infinitely better. After all, with Thunderbird's 'security' anyone who gets access to the computer can read the emails.

Effectively all this does really is to prevent the sending and receiving of messages ... which can be just as easily achieved by the OS user account security.

I will install your recommened add-on ... but I wonder if there is any possibility that this security loophole might one day be tightened up?