mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-25 17:25:57 +03:00
[GH-ISSUE #5497] Question: why is ADMIN_TOKEN not mandatory #2169
Originally created by @jflecool2 on GitHub (Jan 29, 2025).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5497
Hello!
First, thanks for creating vaultwarden!!
I have a question.
Considering vaultwarden stores passwords (safety is primordial),
Considering an argon 'ADMIN_TOKEN' is necessary to be safe (according to https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0),
Why is ADMIN_TOKEN not forced?
If I hadn't checked the new release, I would have never known. It's maybe in the log (?), but I don't think everyone looks at the logs. I know I don't.
Thanks
@stefan0xC commented on GitHub (Jan 29, 2025):
If you have no ADMIN_TOKEN (nor DISABLE_ADMIN_TOKEN=true) set, the /admin panel is not active and there would have been no security flaw to be exploited. Or to quote the linked advisory:
@BlackDex commented on GitHub (Jan 29, 2025):
And this, as @stefan0xC says, you need to disable it specifically, and the token is mandatory.
@7heMech commented on GitHub (Jan 29, 2025):
Hey, sorry to chip in, would you guys recommend keeping admin disabled until changes need to be made?
@stefan0xC commented on GitHub (Jan 29, 2025):
I'd recommend never setting DISABLE_ADMIN_TOKEN=true. If you need the /admin panel, I'd probably recommend setting up an additional form of access control (i.e. restricting it to a specific IP address / VPN) instead. I mean, disabling it and only enabling it when needed should be fine too, but personally I think that would be a bit of a hassle.
@BlackDex commented on GitHub (Jan 29, 2025):
If you just set a token, and maybe as an extra add basic auth or authelia or something via your reverse proxy, that should be more than enough.
@BlackDex commented on GitHub (Jan 29, 2025):
Also, I would not change settings via the admin interface though. Only checking users and orgs, and diagnostics.
@jflecool2 commented on GitHub (Jan 29, 2025):
Ok I think I get it:
correct?
@7heMech commented on GitHub (Jan 29, 2025):
Oh, well, I set up everything from there already 😓
My instance is proxied behind cloudflare, I could set up some rules over there for /admin yeah, thanks so much for the advice!
@BlackDex commented on GitHub (Jan 29, 2025):
Yes / No. The security issue is already fixed, with or without admin token. But it's not advised.
No, since DISABLE_ADMIN_TOKEN, as the option says, disables the token, and thus renders ADMIN_TOKEN not used.
@stefan0xC commented on GitHub (Jan 29, 2025):
No. DISABLE_ADMIN_TOKEN is inherently unsafe as it straight up enables the /admin panel to be used without a password. The idea would be that you are responsible for setting up a separate auth layer as described by the comment.
github.com/dani-garcia/vaultwarden@3c29f82974/.env.template (L395-L397)
So personally I think that option in itself is a security flaw, which is why I'd never recommend enabling it.
@jflecool2 commented on GitHub (Jan 29, 2025):
Ok I understand!
From where I stand, the default is safe, ADMIN_TOKEN is safe, and DISABLE_ADMIN_TOKEN is somewhat inherently unsafe, but the name already implies that it's unsafe in my opinion, so it's fine. Thanks guys! Vaultwarden rocks!
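A small configuration check for the three states the thread settles on (no token, an argon2-hashed ADMIN_TOKEN, and DISABLE_ADMIN_TOKEN=true), plus the plaintext-token case the 1.33.0 notes warn about. This is an added example, not vaultwarden's own code and not from anyone in the thread; the .env fragments are constructed and the key names are the ones discussed above.

```python
import re

# Constructed sample .env fragments, one per state discussed in the thread
# (not taken from any real deployment; the argon2 string is a dummy).
SAMPLE_ENVS = {
    "default":   "DOMAIN=https://vault.example.com\n",
    "argon2":    "ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$c2FsdA$aGFzaA'\n",
    "plaintext": "ADMIN_TOKEN=correct-horse-battery-staple\n",
    "disabled":  "ADMIN_TOKEN=anything\nDISABLE_ADMIN_TOKEN=true\n",
}

def parse_env(text):
    """Minimal KEY=VALUE parser: skips blanks/comments, strips one pair of quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def assess_admin_config(text):
    """Classify the /admin exposure implied by the vaultwarden settings in `text`."""
    env = parse_env(text)
    token = env.get("ADMIN_TOKEN", "")
    # DISABLE_ADMIN_TOKEN wins over any ADMIN_TOKEN value: the panel needs no password.
    if env.get("DISABLE_ADMIN_TOKEN", "").lower() == "true":
        return {"admin_panel": "active", "risk": "high",
                "finding": "DISABLE_ADMIN_TOKEN=true: /admin reachable without a password; "
                           "only acceptable behind a separate auth layer on the reverse proxy"}
    if not token:
        return {"admin_panel": "inactive", "risk": "none",
                "finding": "ADMIN_TOKEN unset: /admin is not served"}
    # PHC-formatted argon2 string, the form the 1.33.0 release notes call for.
    if re.match(r"^\$argon2(id|i|d)\$", token):
        return {"admin_panel": "active", "risk": "low",
                "finding": "ADMIN_TOKEN is an argon2 PHC hash"}
    return {"admin_panel": "active", "risk": "medium",
            "finding": "ADMIN_TOKEN is plaintext; replace it with an argon2 PHC hash"}

if __name__ == "__main__":
    for name, text in SAMPLE_ENVS.items():
        print(f"{name:10} -> {assess_admin_config(text)['finding']}")
```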