[GH-ISSUE #433] Data Breach Report throws error if account not breached/404 is returned #256

New issue

Closed

opened 2026-03-03 01:27:18 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 01:27:18 +03:00

Owner

Originally created by @domainzero on GitHub (Mar 13, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/433

Running the Data Breach Report on an account that has no breaches listed returns an error in the UI instead of a "No breaches found" error. According to the logs, a 404 is returned from the API. This looks like it's probably a web vault issue, but I'm not sure if this problem exists upstream.

Here's a snippet from docker logs:

[2019-03-13 20:52:32][reqwest::async_impl::response][DEBUG] Response: '404 Not Found' for https://haveibeenpwned.com/api/v2/breachedaccount/<REDACTED>
[2019-03-13 20:52:32][tokio_reactor][DEBUG] dropping I/O source: 0
[2019-03-13 20:52:32][bitwarden_rs::error][ERROR] ReqError.
[CAUSE] Error {
    kind: ClientError(
        404
    ),
    url: Some(
        "https://haveibeenpwned.com/api/v2/breachedaccount/<REDACTED>"
    )
}

Originally created by @domainzero on GitHub (Mar 13, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/433 Running the Data Breach Report on an account that has no breaches listed returns an error in the UI instead of a "No breaches found" error. According to the logs, a 404 is returned from the API. This looks like it's probably a web vault issue, but I'm not sure if this problem exists upstream. Here's a snippet from `docker logs`: ``` [2019-03-13 20:52:32][reqwest::async_impl::response][DEBUG] Response: '404 Not Found' for https://haveibeenpwned.com/api/v2/breachedaccount/<REDACTED> [2019-03-13 20:52:32][tokio_reactor][DEBUG] dropping I/O source: 0 [2019-03-13 20:52:32][bitwarden_rs::error][ERROR] ReqError. [CAUSE] Error { kind: ClientError( 404 ), url: Some( "https://haveibeenpwned.com/api/v2/breachedaccount/<REDACTED>" ) } ```

kerem closed this issue

2026-03-03 01:27:18 +03:00

kerem commented

2026-03-03 01:27:19 +03:00

Author

Owner

@dani-garcia commented on GitHub (Mar 13, 2019):

Thanks for bringing this up, when HIBP doesn't find a breach it returns a 404, which we treat as an error and return a generic 400. I've changed it to return a 404 correctly in the latest commit and I've tested that it now works correctly. (github.com/dani-garcia/bitwarden_rs@61515160a7)

@dani-garcia commented on GitHub (Mar 13, 2019): Thanks for bringing this up, when HIBP doesn't find a breach it returns a 404, which we treat as an error and return a generic 400. I've changed it to return a 404 correctly in the latest commit and I've tested that it now works correctly. (https://github.com/dani-garcia/bitwarden_rs/commit/61515160a7688fa4ba2b7a7c5ddea3df2a1c1611)

kerem referenced this issue

2026-03-03 08:36:30 +03:00

[PR #256] [MERGED] Prevent accepted user from seeing ciphers until confirmed (fixes #196) #2686