[PR #6168] [MERGED] Fix WebauthN issue with Software Keys #3737

Closed
opened 2026-03-03 10:21:18 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6168
Author: @BlackDex
Created: 8/10/2025
Status: Merged
Merged: 8/10/2025
Merged by: @dani-garcia

Base: main ← Head: fix-webauthn


📝 Commits (1)

  • 2a2a4a5 Fix WebauthN issue with Software Keys

📊 Changes

1 file changed (+9 additions, -6 deletions)

📝 src/api/core/two_factor/webauthn.rs (+9 -6)

📄 Description

The check if the token used was a known valid token also checked if it needed to be updated. This check always caused an issue with tokens which do not need or want to be updated.

Since the cred_ids are already checked and deemed valid we only need to check if there is an update needed. There already is a function for this, update_credential, which returns Some(true) if this was the case. So, only update the records if that is the case, else do not update anything.

Also, used constant time compare to check and validate the cred_id's.

P.S. I tested this with macOS where the key was created, and iOS which synced the key.
Same for Bitwarden, used the Firefox Extension to register and my Android to authenticate.
The YubiKey5c still works too, both USB or NFC.

Fixes #6154


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
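
The two-step check the description outlines, as an added Rust example that is not Vaultwarden's code and not part of the original PR. `StoredCredential`, `AuthResult`, `validate` and the counter-based update rule are hypothetical stand-ins; only the `update_credential` name and the meaning of `Some(true)` come from the description.

```rust
// Added illustration: all types and names below are hypothetical stand-ins.
pub struct StoredCredential { pub cred_id: Vec<u8>, pub counter: u32 }
pub struct AuthResult { pub cred_id: Vec<u8>, pub counter: u32 }

/// Byte comparison with no early exit on the first mismatch. Production code
/// should use a vetted constant-time primitive instead of a hand-rolled loop.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false; // only the length leaks, and it is not secret
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

impl StoredCredential {
    /// None: different credential. Some(true): stored state changed.
    /// Some(false): same credential, nothing to persist.
    pub fn update_credential(&mut self, res: &AuthResult) -> Option<bool> {
        if !ct_eq(&self.cred_id, &res.cred_id) {
            return None;
        }
        if res.counter > self.counter {
            self.counter = res.counter;
            return Some(true);
        }
        Some(false)
    }
}

/// Ok(true) = persist the records, Ok(false) = valid login, nothing to write.
pub fn validate(creds: &mut [StoredCredential], res: &AuthResult) -> Result<bool, &'static str> {
    // Step 1: is this a registered credential at all?
    if !creds.iter().any(|c| ct_eq(&c.cred_id, &res.cred_id)) {
        return Err("credential not registered");
    }
    // Step 2: "no update needed" is a success, not a failure.
    let mut dirty = false;
    for c in creds.iter_mut() {
        dirty |= c.update_credential(res) == Some(true);
    }
    Ok(dirty)
}

fn main() {
    // Constructed sample: a token whose stored state never needs updating.
    let mut creds = vec![StoredCredential { cred_id: vec![0xAA; 16], counter: 0 }];
    let res = AuthResult { cred_id: vec![0xAA; 16], counter: 0 };
    println!("{:?}", validate(&mut creds, &res));
}
```

Folding the membership check into the update result would turn `Some(false)` into a rejected login, which is the failure mode the description reports for tokens that do not need updating.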
