29

I know Firefox 8 stores its passwords in a SQLite database, which can easily be stolen with access to the HDD!

What about Thunderbird 8? How does it store the passwords and how can one retrieve them?

I know NirSoft has this nice tool to retrieve passwords, but it's not compatible with Thunderbird > 5.

AviD
JohnnyFromBF

5 Answers

20

On Linux, the password database is stored in:

/home/$USER/.thunderbird/$RANDOM_STRING.default/signons.sqlite

See @Karrax's answer for Windows locations.

You can examine this file interactively using the sqlite3 CLI:

```
sqlite3 ~/.thunderbird/zxcv1357.default/signons.sqlite

sqlite> .tables
moz_disabledHosts  moz_logins
sqlite> .schema moz_logins
CREATE TABLE moz_logins (id                 INTEGER PRIMARY KEY,hostname           TEXT NOT NULL,httpRealm          TEXT,formSubmitURL      TEXT,usernameField      TEXT NOT NULL,passwordField      TEXT NOT NULL,encryptedUsername  TEXT NOT NULL,encryptedPassword  TEXT NOT NULL,guid               TEXT,encType            INTEGER, timeCreated INTEGER, timeLastUsed INTEGER, timePasswordChanged INTEGER, timesUsed INTEGER);
CREATE INDEX moz_logins_encType_index ON moz_logins(encType);
CREATE INDEX moz_logins_guid_index ON moz_logins(guid);
CREATE INDEX moz_logins_hostname_formSubmitURL_index ON moz_logins(hostname, formSubmitURL);
CREATE INDEX moz_logins_hostname_httpRealm_index ON moz_logins(hostname, httpRealm);
CREATE INDEX moz_logins_hostname_index ON moz_logins(hostname);
sqlite> select * from moz_logins;
3|imap://imap.example.com|imap://imap.example.com||||MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIQwErTyUiOp12345GmuM2KNXcZ=|MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIQwErTyUiOp12345GmuM2KNXcZ=|{1234abcd-beef-feed-face-0a0a0a0a0a}|1|1320123123123|1320123123123|1320123123123|1
4|smtp://smtp.example.com|smtp://smtp.example.com||||MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIQwErTyUiOp12345GmuM2KNXcZ=|MEIEEPgAAAAAAAAAAAAAAAAAAAEwFAYIQwErTyUiOp12345GmuM2KNXcZ=|{1decafbad-fa11-1234-1234-abcdef0123456}|1|1320123123123|1320123123123|1320123123123|1
```

If you wanted to fetch usernames/passwords from code, it's as simple as:

```
echo "select encryptedUsername, encryptedPassword from moz_logins;" | sqlite3 ~/.thunderbird/*.default/signons.sqlite
```

or the equivalent in your favorite programming language with sqlite3 bindings.

Of course, if they're encrypted (as shown above) you'll need to put some effort into guessing the master password used for encryption. As a user, know that if you use a weak master password (e.g. P4ssw0rd1) it will be trivial to get the cleartext passwords.

bstpierre
  • 2
    Any hints on decrypting the passwords, if you have the master password? – sfyn Oct 19 '14 at 18:37
  • I installed Thunderbird today on Ubuntu 14.04 and just out of curiosity checked the `.sqlite` files in the mentioned folder. Glad to know that Mozilla no longer saves passwords in this manner. `signons.sqlite` doesn't exist anymore and the `moz_logins` table couldn't be found in any of the tables. Hopefully, they are encrypting this information somewhere inside Thunderbird! – Prahlad Yeri Jan 21 '16 at 19:10
  • 2
    @PrahladYeri now it is stored in `logins.json` – ZAB Jun 10 '16 at 09:55
  • @ZAB Yup, but the field says `encryptedUsername` and `encryptedPassword`, though I'm not so sure how strong (or weak) their encryption could be. – Prahlad Yeri Jun 10 '16 at 11:11
  • @PrahladYeri there is no encryption without a master password. The fields had the same name in `signons.sqlite` – ZAB Jun 10 '16 at 11:14
  • They should at least use gnome keyrings to protect these passwords even when a master password isn't set. For example by generating a random strong password for the master password and storing in login keyring. Some extensions seem to do that, but they're deprecated. – geekley Oct 21 '20 at 16:47
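
An added example, not part of the original answers or of Thunderbird itself: a defender-side audit of one profile directory that reports which of the credential-store files named on this page are readable by other local users, and which hosts have a saved login (the accounts to rotate if the disk is lost). `audit_profile` and `build_sample_profile` are hypothetical names, the sample profile is constructed, and the `logins.json` layout (a top-level `logins` array whose entries carry `hostname`) is an assumption based on the comment above that the field names match `signons.sqlite`.

```python
import json, os, sqlite3, stat, tempfile
from pathlib import Path

# File names taken from this page; any of them may be absent in a given profile.
CRED_FILES = ("signons.sqlite", "logins.json", "key3.db", "key4.db")

def audit_profile(profile):
    """Return (exposed_files, hosts) for one profile directory.

    exposed_files: credential-store files readable by group or others.
    hosts: hostnames that have a saved login. The encrypted fields are never read.
    """
    profile = Path(profile)
    exposed = [name for name in CRED_FILES
               if (profile / name).exists()
               and (profile / name).stat().st_mode & (stat.S_IRGRP | stat.S_IROTH)]
    hosts = set()
    db = profile / "signons.sqlite"
    if db.exists():
        # Read-only URI so the audit cannot modify the store.
        con = sqlite3.connect(f"file:{db}?mode=ro", uri=True)
        try:
            hosts.update(row[0] for row in con.execute("SELECT hostname FROM moz_logins"))
        finally:
            con.close()
    store = profile / "logins.json"
    if store.exists():
        data = json.loads(store.read_text(encoding="utf-8"))
        hosts.update(entry["hostname"] for entry in data.get("logins", []))
    return sorted(exposed), sorted(hosts)

def build_sample_profile(root):
    """Constructed sample profile holding one old-style and one new-style store."""
    profile = Path(root) / "sample.default"
    profile.mkdir()
    con = sqlite3.connect(str(profile / "signons.sqlite"))
    con.execute("CREATE TABLE moz_logins (id INTEGER PRIMARY KEY, hostname TEXT NOT NULL)")
    con.execute("INSERT INTO moz_logins VALUES (3, 'imap://imap.example.com')")
    con.commit()
    con.close()
    (profile / "logins.json").write_text(
        json.dumps({"logins": [{"hostname": "smtp://smtp.example.com"}]}), encoding="utf-8")
    os.chmod(profile / "signons.sqlite", 0o644)  # weak: other local users can read it
    os.chmod(profile / "logins.json", 0o600)     # owner only
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_profile(build_sample_profile(tmp)))
```

Any file reported as exposed should be restricted to its owner (mode `0600`), and a master password set so that a copied store is not immediately usable.
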
16

In Thunderbird 8.0, I can easily see all my passwords in the Options window, in the Security tab, in the Passwords tab, in the Saved passwords window, with the "Show passwords" button.

I am not sure if you meant "how do I access the passwords programmatically".

curiousguy
7

The answer is yes.

Thunderbird stores all remembered email settings along with the password in the SQLite database file 'signons.sqlite' in its profile location. The default profile location for different platforms is as follows:

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Thunderbird\Profiles\<random_name>.default

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\Thunderbird\Profiles\<random_name>.default

Chris Dale
6

It would appear (since the docs for the master password relate to both) that Firefox and Thunderbird store their passwords in the same way. So yes, unless you encrypt your passwords with a master password, the passwords can easily be retrieved.

Martin
2

This Python script uses the Thunderbird/Firefox libraries to read the passwords stored in the logins.sqlite or signons.sqlite files from your profile folder.

It prompts you for your master password, which you can leave empty if you didn't use one.

And there is also this one, which I used recently (Oct. 2021) for Thunderbird passwords. It needs the logins.json and the key3.db or key4.db files from the profile directory. It also works for Firefox passwords.

mivk