[GH-ISSUE #1841] Exporting Unicode passwords and custom fields result in corrupted exported file filled with "?" characters #1076

New issue

Closed

opened 2026-03-03 02:06:02 +03:00 by kerem · 6 comments

kerem commented 2026-03-03 02:06:02 +03:00

Owner

Copy link

Originally created by @ghost on GitHub (Jul 6, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1841

Subject of the issue

When exporting passwords (in CSV or JSON), all fields (cleartext, custom and hidden) containing Unicode characters are corrupted. All Unicode characters are replaced with a '?' character resulting in a corruption of exported data.

This problem is also present on the Android app (version 2.10.0) and the Desktop app (version 1.27.0) (not checked on Navigators extensions).

I opened an issue on Bitwarden Web Vault but they couldn't reproduce the issue so it seems to be a problem on the Vaultwarden side.

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.22.1
• Web-vault version: v2.20.4
• Running within Docker: false
• Environment settings overridden: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.35.4
• Clients used: Web vault, Desktop and Android.
• Reverse proxy and version: nginx 1.20.1
• Install method: OS package (Arch Linux).

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, INVITATIONS_ALLOWED, PASSWORD_ITERATIONS, SHOW_PASSWORD_HINT, ADMIN_TOKEN, IP_HEADER, ICON_CACHE_TTL, ICON_CACHE_NEGTTL, ICON_BLACKLIST_NON_GLOBAL_IPS, AUTHENTICATOR_DISABLE_TIME_DRIFT, DISABLE_ADMIN_TOKEN, SMTP_HOST, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_AUTH_MECHANISM, SMTP_TIMEOUT, EMAIL_EXPIRATION_TIME, EMAIL_ATTEMPTS_LIMIT

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "/var/lib/vaultwarden/data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "/var/lib/vaultwarden",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**.******.**",
  "domain_origin": "*****://**.******.**",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "/var/lib/vaultwarden/data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "/var/lib/vaultwarden/data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "/var/lib/vaultwarden/data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Plain",
  "smtp_debug": false,
  "smtp_explicit_tls": true,
  "smtp_from": "*****@******.**",
  "smtp_from_name": "Bitwarden Server",
  "smtp_host": "****.******.**",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*****@******.**",
  "templates_folder": "/var/lib/vaultwarden/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": true,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "/usr/share/webapps/vaultwarden-web/",
  "websocket_address": "127.0.0.1",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

1. Login to your Vault.
2. Go to "Tools" section.
3. Click on "Export Vault" section.
4. Choose export format, enter main password and click on "Export Vault" button.
5. Open the exported file with a text editor and check fields containing Unicode symbols.

Expected behaviour

The following password string : ×þd6%I6ÛOÇ0ìôYd]9|ÔK?îML7û_¿1%
will result in the following exported string : ×þd6%I6ÛOÇ0ìôYd]9|ÔK?îML7û_¿1%

The following custom field : Clé de Sécurité
will result in the following exported string : Clé de Sécurité

Actual behaviour

The following password string : ×þd6%I6ÛOÇ0ìôYd]9|ÔK?îML7û_¿1%
will result (approximately) in the following exported string : ??d6%I6?O?0??Yd]9??K??ML7?_?1%

The following custom field : Clé de Sécurité
will result in the following exported string : Cl? de S?curit?

Originally created by @ghost on GitHub (Jul 6, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1841 ### Subject of the issue When exporting passwords (in CSV or JSON), all fields (cleartext, custom and hidden) containing Unicode characters are corrupted. All Unicode characters are replaced with a '?' character resulting in a corruption of exported data. This problem is also present on the Android app (version 2.10.0) and the Desktop app (version 1.27.0) (not checked on Navigators extensions). I opened an issue on Bitwarden Web Vault but they couldn't reproduce the issue so it seems to be a problem on the Vaultwarden side. ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.22.1 * Web-vault version: v2.20.4 * Running within Docker: false * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.35.4 * Clients used: Web vault, Desktop and Android. * Reverse proxy and version: nginx 1.20.1 * Install method: OS package (Arch Linux). ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, SIGNUPS_VERIFY, INVITATIONS_ALLOWED, PASSWORD_ITERATIONS, SHOW_PASSWORD_HINT, ADMIN_TOKEN, IP_HEADER, ICON_CACHE_TTL, ICON_CACHE_NEGTTL, ICON_BLACKLIST_NON_GLOBAL_IPS, AUTHENTICATOR_DISABLE_TIME_DRIFT, DISABLE_ADMIN_TOKEN, SMTP_HOST, SMTP_FROM, SMTP_FROM_NAME, SMTP_USERNAME, SMTP_PASSWORD, SMTP_AUTH_MECHANISM, SMTP_TIMEOUT, EMAIL_EXPIRATION_TIME, EMAIL_ATTEMPTS_LIMIT ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "/var/lib/vaultwarden/data/attachments", "authenticator_disable_time_drift": false, "data_folder": "/var/lib/vaultwarden", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**.******.**", "domain_origin": "*****://**.******.**", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "/var/lib/vaultwarden/data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "/var/lib/vaultwarden/data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "/var/lib/vaultwarden/data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Plain", "smtp_debug": false, "smtp_explicit_tls": true, "smtp_from": "*****@******.**", "smtp_from_name": "Bitwarden Server", "smtp_host": "****.******.**", "smtp_password": "***", "smtp_port": 465, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*****@******.**", "templates_folder": "/var/lib/vaultwarden/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": true, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "/usr/share/webapps/vaultwarden-web/", "websocket_address": "127.0.0.1", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Steps to reproduce 1. Login to your Vault. 2. Go to "Tools" section. 3. Click on "Export Vault" section. 4. Choose export format, enter main password and click on "Export Vault" button. 5. Open the exported file with a text editor and check fields containing Unicode symbols. ### Expected behaviour The following password string : ×þd6%I6ÛOÇ0ìôYd]9|ÔK?îML7û_¿1% will result in the following exported string : ×þd6%I6ÛOÇ0ìôYd]9|ÔK?îML7û_¿1% The following custom field : Clé de Sécurité will result in the following exported string : Clé de Sécurité ### Actual behaviour The following password string : ×þd6%I6ÛOÇ0ìôYd]9|ÔK?îML7û_¿1% will result (approximately) in the following exported string : ??d6%I6?O?0??Yd]9??K??ML7?_?1% The following custom field : Clé de Sécurité will result in the following exported string : Cl? de S?curit?

kerem closed this issue 2026-03-03 02:06:02 +03:00

kerem commented 2026-03-03 02:06:03 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Jul 6, 2021):

Have you tried this on the bitwarden site also? vault.bitwarden.com?
Since the export and import is a web-vault item, something we do not modify at all.

I think you need to report this at bitwarden, but I would suggest to first try it out on a free vault.bitwarden.com account.

<!-- gh-comment-id:874555692 --> @BlackDex commented on GitHub (Jul 6, 2021): Have you tried this on the bitwarden site also? vault.bitwarden.com? Since the export and import is a web-vault item, something we do not modify at all. I think you need to report this at bitwarden, but I would suggest to first try it out on a free vault.bitwarden.com account.

kerem commented 2026-03-03 02:06:03 +03:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 6, 2021):

I tried this on vault.bitwarden.com and the Unicode characters of passwords and text fields are correctly exported in JSON and CSV format.

<!-- gh-comment-id:874599917 --> @ghost commented on GitHub (Jul 6, 2021): I tried this on vault.bitwarden.com and the Unicode characters of passwords and text fields are correctly exported in JSON and CSV format.

kerem commented 2026-03-03 02:06:03 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Jul 6, 2021):

I just did a quick check, and it seems to work fine for me.
Could you check your Content-Type header in the response via F12 of any page request to your vault?
It should contain something like this: text/plain; charset=utf-8 or application/json.

It kinda looks like your vaultwarden server or the reverse proxy doesn't handle UTF8 correctly.
The thing is, vaultwarden doesn't do anything during the import/export, it is all client based.

So the only thing i can think of, is that the web-vault is sent using something else then UTF8 charset, which causes the javascript code to not use UTF8 or something.

<!-- gh-comment-id:874662250 --> @BlackDex commented on GitHub (Jul 6, 2021): I just did a quick check, and it seems to work fine for me. Could you check your `Content-Type` header in the response via F12 of any page request to your vault? It should contain something like this: `text/plain; charset=utf-8` or `application/json`. It kinda looks like your vaultwarden server or the reverse proxy doesn't handle UTF8 correctly. The thing is, vaultwarden doesn't do anything during the import/export, it is all client based. So the only thing i can think of, is that the web-vault is sent using something else then UTF8 charset, which causes the javascript code to not use UTF8 or something.

kerem commented 2026-03-03 02:06:03 +03:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 6, 2021):

I've verified the Content-Type of API requests and they are correct. I tried to export again from the web vault and it works with no data corrupted. But when I tried to export from the official Android app, the file was corrupted again. Finally, I think it's a bug in the Android app and not in the Web vault or backend server.

<!-- gh-comment-id:874686534 --> @ghost commented on GitHub (Jul 6, 2021): I've verified the `Content-Type` of API requests and they are correct. I tried to export again from the web vault and it works with no data corrupted. But when I tried to export from the official Android app, the file was corrupted again. Finally, I think it's a bug in the Android app and not in the Web vault or backend server.

kerem commented 2026-03-03 02:06:03 +03:00

Author

Owner

Copy link

@jjlin commented on GitHub (Jul 6, 2021):

This is presumably https://github.com/bitwarden/mobile/issues/1401, which is fixed but hasn't made it into a release yet. So it sounds like you just assumed the problem existed in the web vault and desktop client, but didn't actually verify?

<!-- gh-comment-id:874920415 --> @jjlin commented on GitHub (Jul 6, 2021): This is presumably https://github.com/bitwarden/mobile/issues/1401, which is fixed but hasn't made it into a release yet. So it sounds like you just assumed the problem existed in the web vault and desktop client, but didn't actually verify?

kerem commented 2026-03-03 02:06:03 +03:00

Author

Owner

Copy link

@ghost commented on GitHub (Jul 7, 2021):

Not exactly. I tried to export from the web vault an already corrupted database (previously imported after an upgrade of Vaultwaren which has removed some passwords) so I thought that the web vault was also impacted.

<!-- gh-comment-id:875413660 --> @ghost commented on GitHub (Jul 7, 2021): Not exactly. I tried to export from the web vault an already corrupted database (previously imported after an upgrade of Vaultwaren which has removed some passwords) so I thought that the web vault was also impacted.

kerem referenced this issue 2026-03-03 09:08:44 +03:00

[PR #1076] [MERGED] Fix soft delete notifications #2874

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#1076

No description provided.