[GH-ISSUE #3001] TOTP not working with some services #1440

Closed
opened 2026-03-03 02:09:12 +03:00 by kerem · 4 comments

Originally created by @0xab3d on GitHub (Dec 16, 2022).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3001

Subject of the issue

TOTP not working with some services such as sucuri.net

Deployment environment

  • vaultwarden version: 1.26
  • Install method: Docker

  • Clients used: web vault and Edge extension

  • Reverse proxy and version: Sucuri SaaS

  • MySQL/MariaDB or PostgreSQL version:

  • Other relevant details:

Steps to reproduce

Edit the Sucuri entry, try to add the TOTP seed, nothing happens. Once I click save, the Edge extension just logs out. Replicated this on the web as well.

Expected behaviour

TOTP seed starts providing the 6-digit codes.

Actual behaviour

The Edge extension and the web session log out when I save the changes.

Troubleshooting data

kerem closed this issue 2026-03-03 02:09:13 +03:00

@BlackDex commented on GitHub (Dec 16, 2022):

I'm not sure how Sucuri SaaS works. If that adds an extra layer of authentication, then that could be an issue.


@0xab3d commented on GitHub (Dec 16, 2022):

Hey, it is a reverse proxy (acting as WAF)


@BlackDex commented on GitHub (Dec 16, 2022):

I think the WAF is removing some headers or other items, which breaks either the client or server.

Check the logs, maybe set the log-level to debug for some more info.


@0xab3d commented on GitHub (Dec 16, 2022):

You're totally right. I have checked the logs and it turned out the WAF is blocking PUT methods.
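The log check that resolved this thread, as an added example that is not part of the original issue or of vaultwarden: it scans reverse-proxy access-log lines and reports HTTP methods that were rejected on every request, which is the signature of a WAF method filter rather than an application error. The log lines are constructed, and the common log format and the 403/405/501 rejection codes are assumptions, since the thread does not say how the WAF responded.

```python
import re
from collections import defaultdict

# Constructed sample in common log format (not taken from the issue).
SAMPLE_LOG = """\
203.0.113.7 - - [16/Dec/2022:10:01:02 +0000] "GET /api/sync HTTP/1.1" 200 5120
203.0.113.7 - - [16/Dec/2022:10:01:09 +0000] "POST /identity/connect/token HTTP/1.1" 200 2048
203.0.113.7 - - [16/Dec/2022:10:02:30 +0000] "PUT /api/ciphers/00000000-0000-0000-0000-000000000001 HTTP/1.1" 403 312
203.0.113.7 - - [16/Dec/2022:10:02:41 +0000] "PUT /api/ciphers/00000000-0000-0000-0000-000000000001 HTTP/1.1" 403 312
203.0.113.7 - - [16/Dec/2022:10:03:00 +0000] "GET /api/ciphers/00000000-0000-0000-0000-000000000001 HTTP/1.1" 200 900
203.0.113.7 - - [16/Dec/2022:10:03:10 +0000] "DELETE /api/ciphers/00000000-0000-0000-0000-000000000002 HTTP/1.1" 200 0
203.0.113.7 - - [16/Dec/2022:10:03:20 +0000] "GET /api/missing HTTP/1.1" 404 0
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Assumed status codes a WAF or proxy returns when it refuses a method.
REJECT_STATUSES = {403, 405, 501}


def blocked_methods(log_text, min_hits=2):
    """Return {method: sorted paths} for methods rejected on every request.

    A method is reported only if it was seen at least `min_hits` times and
    never succeeded, so a single 403 on one resource is not flagged.
    """
    totals = defaultdict(int)
    rejected = defaultdict(int)
    paths = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # skip lines that are not request records
        method = match["method"]
        totals[method] += 1
        if int(match["status"]) in REJECT_STATUSES:
            rejected[method] += 1
            # Collapse item IDs so repeated saves group under one path.
            paths[method].add(UUID_RE.sub("<id>", match["path"]))
    return {
        method: sorted(paths[method])
        for method, total in totals.items()
        if total >= min_hits and rejected[method] == total
    }


if __name__ == "__main__":
    for method, hit_paths in blocked_methods(SAMPLE_LOG).items():
        print(f"{method} rejected on every request: {', '.join(hit_paths)}")
```
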
