16 upvotes, 1 direct replies (showing 1)
View submission: Is this simple security bypass known bug?
Well this was obviously a bug. Password vault services have also fucked up before.
And regardless, this is just the user password. If logged into your phone then they already have the password.
Looks like the Firefox android app doesn't have a master password. So you wouldn't want to turn on password sync on your phone.
But the desktop browser does, so it's fine there if you set a master password.
So with a master password it is practically the same, if my assumption is correct of how others work- that they are just being locally encrypted with a master password.
Comment by sturmeh at 21/11/2024 at 02:25 UTC
0 upvotes, 0 direct replies
I get that it's a bug, but encrypted and stored locally is a bit of a stretch.