Firefox Users – Master Password at Risk!

Mel Khamlichi (http://www.osradar.com)
Founder of Osradar, from Amsterdam, Netherlands

Firefox is one of the best web browsers around, right? It’s stable, fast and awesome, with thousands of extensions in the store. Firefox competes with all other web browsers and has earned a good reputation. However, a security gap was recently found in the browser that puts users at risk.

The risk

If you’re a Firefox user, you already know that there’s a feature named “Master Password”. The browser remembers the passwords for all your logins, and you unlock them with the master password alone. This is a really time-saving and powerful feature. Unfortunately, due to poor design, the system is highly vulnerable.

The same feature is available in both Firefox and Thunderbird. Security experts lauded the attempt because, until that point, Firefox had saved passwords in cleartext, leaving them exposed to anyone with physical access to the PC. Now Wladimir Palant, the author of Adblock Plus, says that the master password system uses a weak encryption method that’s highly vulnerable to brute-force attacks.

The leakage

Palant looked into the source code and found the function that converts the master password into a SHA-1 hash computed over a random salt and the actual master password.

In this process, the iteration count is a big factor. The higher the count, the better the protection. In the industry, the accepted value is 10,000, whereas other powerful apps like LastPass use 100,000. By comparison, the count for Firefox is extremely LOW – only 1!

This low iteration count allows an attacker to easily recover the master password with a brute-force attack and use it to decrypt the other stored passwords in the Firefox and Thunderbird databases. Palant also points out that present-day powerful GPUs can brute-force simplistic passwords within a minute. Thus, the “Master Password” feature isn’t worth it at all.
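To show what the iteration count buys, the following added example (not Firefox code and not from Palant's write-up) measures the cost of deriving a key once with a single SHA-1 pass over salt plus password, and once with an iterated derivation at the 10,000 and 100,000 counts quoted above. The salt and password are constructed sample values, and PBKDF2-HMAC-SHA1 is assumed here as the iterated alternative.

```python
import hashlib
import timeit

# Constructed sample inputs, not taken from any real profile.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff00112233")
MASTER_PASSWORD = b"correct horse battery staple"


def derive_single_sha1(password: bytes, salt: bytes) -> bytes:
    """One SHA-1 pass over salt + password (an iteration count of 1)."""
    return hashlib.sha1(salt + password).digest()


def derive_pbkdf2(password: bytes, salt: bytes, iterations: int) -> bytes:
    """Iterated derivation; PBKDF2-HMAC-SHA1 is an assumption of this example."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations)


def seconds_per_guess(func, *args) -> float:
    """Average wall time of one derivation, i.e. the cost of checking one candidate."""
    number, elapsed = timeit.Timer(lambda: func(*args)).autorange()
    return elapsed / number


def cost_table(iteration_counts=(10_000, 100_000)):
    """Return [(label, seconds per guess, slowdown relative to one SHA-1 pass)]."""
    base = seconds_per_guess(derive_single_sha1, MASTER_PASSWORD, SALT)
    rows = [("SHA-1 x1", base, 1.0)]
    for count in iteration_counts:
        cost = seconds_per_guess(derive_pbkdf2, MASTER_PASSWORD, SALT, count)
        rows.append((f"PBKDF2 x{count}", cost, cost / base))
    return rows


if __name__ == "__main__":
    for label, secs, factor in cost_table():
        print(f"{label:<16} {secs * 1e6:12.2f} us/guess {factor:12.0f}x slower")
```

The slowdown column is the factor by which every single guess becomes more expensive for whoever holds the password database, while the legitimate user pays that cost only once per unlock.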

This issue was reported about 9 years ago by Justin Dolske when the “Master Password” feature was just launched. Despite the report, Mozilla didn’t take any official action for years! Recently, Palant received the first official Mozilla response regarding the case – they’re developing a better tool, currently codenamed “Lockbox” and it’s available as an extension. Once it’s fully developed, it’s supposed to solve the issue.

If you’re using a master password, you don’t need to worry right now. Until Mozilla fixes things permanently, use a longer and more complex password. This way, the vulnerability can be mitigated to the lowest level. If you’re not using a master password, start using one, as it encrypts the other passwords instead of leaving them in plain text.
