본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

How to stop Firefox from storing CAC PIN?

  • 2 답장
  • 1 이 문제를 만남
  • 2 보기
  • 최종 답변자: cor-el

more options

I am working on setting up Firefox to use a CAC reader. In the process, it seems that Firefox stores my PIN. For example, in setting up the .dll to get Firefox to see the reader, I went to View Certificates to verify that they had been installed. Firefox (rightfully) asked me for my PIN and I entered.

I then went to a site that required the CAC and while it asked me for the certificate to use (correct), it failed to ask me for my PIN and logged me into the site.

I then closed the tab and went to another site and again, while it asked for the certificate, it didn't ask for the PIN.

I then closed Firefox completely (and all other browsers) and restarted, went to a site. It asks for the certificate but doesn't ask for the PIN.

I installed IE Tab v2 because some sites were refusing to recognize the card in the reader. After doing so, it found the card and asked me for the certificate...but not the PIN.

The only way to get Firefox to forget the PIN is to reboot the computer but as soon as you use your PIN, it is stored in Firefox.

This is an exceedingly huge security hole. The entire point of a CAC is that it requires two-step authentication. I need both the card and the PIN. If someone has my card and they go to a machine that hasn't been rebooted that I used, then they can access sites that require CAC login because Firefox has stored my PIN.

How do I get Firefox to not store the PIN? I should be asked every single time.

I am working on setting up Firefox to use a CAC reader. In the process, it seems that Firefox stores my PIN. For example, in setting up the .dll to get Firefox to see the reader, I went to View Certificates to verify that they had been installed. Firefox (rightfully) asked me for my PIN and I entered. I then went to a site that required the CAC and while it asked me for the certificate to use (correct), it failed to ask me for my PIN and logged me into the site. I then closed the tab and went to another site and again, while it asked for the certificate, it didn't ask for the PIN. I then closed Firefox completely (and all other browsers) and restarted, went to a site. It asks for the certificate but doesn't ask for the PIN. I installed IE Tab v2 because some sites were refusing to recognize the card in the reader. After doing so, it found the card and asked me for the certificate...but not the PIN. The only way to get Firefox to forget the PIN is to reboot the computer but as soon as you use your PIN, it is stored in Firefox. This is an exceedingly huge security hole. The entire point of a CAC is that it requires two-step authentication. I need both the card and the PIN. If someone has my card and they go to a machine that hasn't been rebooted that I used, then they can access sites that require CAC login because Firefox has stored my PIN. How do I get Firefox to not store the PIN? I should be asked every single time.

선택된 해결법

Further investigation reveals the issue is leaving the CAC in the reader. If you have activated the cert with the PIN and leave the CAC in the reader and then go to another site, it asks for cert but since you have already put in the PIN, it won't ask again.

If you pull the CAC and put it back in before going to the site, it will ask you for the PIN again.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (2)

more options

선택된 해결법

Further investigation reveals the issue is leaving the CAC in the reader. If you have activated the cert with the PIN and leave the CAC in the reader and then go to another site, it asks for cert but since you have already put in the PIN, it won't ask again.

If you pull the CAC and put it back in before going to the site, it will ask you for the PIN again.

more options

Is there any Log Out button visible in the Certificate Manager under Security Devices when you select this device to log out from this device?

This might be a Windows feature where you unlock this device by entering the PIN and not a Firefox issue because in that case you would have to reenter the PIN after a restart like is required for the master password (log in to the Software Security Device).