[GH-ISSUE #658] Cannot login from web vault after upgrade #442

Closed
opened 2026-03-03 01:29:11 +03:00 by kerem · 11 comments

Originally created by @sleweke on GitHub (Oct 10, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/658

Hi,

I've been using bitwarden_rs for quite some time and recently decided to upgrade from b6312340b68925bd7e31d49d80c2425a4397fe96 to 0586c0028556ace24a3852bb845cc22bce5c59f5.
I've built from source and used the pre-compiled web-vault (v2.12.0) from https://github.com/dani-garcia/bw_web_builds/releases.

Having upgraded, I can log in to my account from the browser extension and the desktop client. However, I cannot log in from the web-vault. The log file only says
`[bitwarden_rs::error][ERROR] Username or password is incorrect. Try again.`

I'm using the SQLite backend and nginx as reverse proxy (configured as shown in https://github.com/dani-garcia/bitwarden_rs/wiki/Proxy-examples), if that matters.

Thanks for your help.


@mprasil commented on GitHub (Oct 11, 2019):

Make sure you're using the same sqlite DB. This looks like the username and password don't match, and assuming you're 100% sure you're typing in the right password, the only likely scenario is that the DB itself is either blank or corrupted. The quick way to test that is to try and create the same user as the one you're logging in as - it should fail saying that the address is already used.


@sleweke commented on GitHub (Oct 11, 2019):

I'm using the same DB file. When creating the same user, the process fails saying that the username already exists.
Besides, desktop, Android, and browser extension clients work just fine (including sync).


@mprasil commented on GitHub (Oct 11, 2019):

Any errors in the browser console?


@sleweke commented on GitHub (Oct 11, 2019):

All clean. The `prelogin` request returns the correct number of `KdfIterations` (matches `.env` file).
I can try downgrading the web-vault to one of the previous versions (perhaps v2.11.0).
Since all other clients work (desktop, Android, browser extension) and use the same API, as far as I know, it has to be the web-vault.


@BlackDex commented on GitHub (Oct 11, 2019):

@sleweke, also try another browser and maybe even private/incognito mode.


@sleweke commented on GitHub (Oct 12, 2019):

I've tried web-vault 2.11.0, 2.10.0, and 2.9.0. They did not work. I also checked several browsers (Firefox, Chrome, Safari) without success.
However, I've found out that the other clients do not log in either. I had assumed that starting the client and entering your credentials amounts to logging in. But apparently, you have to explicitly log out in the client. It turns out that the clients also fail to log in.

I've modified the error messages in the source and found that this one triggers the error:
https://github.com/dani-garcia/bitwarden_rs/blob/dc515b83f36890b5d2c6ceb4beb00b14df8bbc6f/src/api/identity.rs#L92
This means that the password is not recognized. The SQLite DB seems intact.

Any idea why the password is not accepted?


@BlackDex commented on GitHub (Oct 12, 2019):

Do you have a backup of the database of a few days or a week back? Check that if possible.

Also, try to create a new user and see if you can login or not.


@BlackDex commented on GitHub (Oct 12, 2019):

Also can you try to bypass nginx? And see if that helps?


@sleweke commented on GitHub (Oct 12, 2019):

A new account does work and I can log in from the web-vault.
I also have a backup of the DB before upgrading bitwarden_rs (i.e., before DB migrations).

So it boils down to changes in password-related mechanisms or the upgrade path.
Should I open a separate issue, since this problem is essentially resolved?

Since I don't have many users, can I replace the password hashes (maybe including the salts)? If so, how can I recompute given the original passwords?


@BlackDex commented on GitHub (Oct 12, 2019):

That will not work since the password is never sent to the server as far as I know. Just a crypted version. Also, the password used is used for decryption of all the content stored. So you cannot simply replace the hash or whatever or even return that it is a valid password by changing the server code, since that will not unlock the stored data.
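
The split described in the comment above, as an added example that is not part of the original thread or the project's code: the client derives a master key (used for decryption) and a separate login hash, and the server only ever sees and re-hashes the latter. It assumes Bitwarden's documented client scheme (PBKDF2-SHA256 salted with the lower-cased e-mail) and a server that stores a second PBKDF2 pass; the account, salt and iteration counts are constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample account and server parameters (not taken from the issue).
EMAIL, PASSWORD, KDF_ITER = "user@example.com", "correct horse battery staple", 100_000
SERVER_SALT, SERVER_ITER = b"constructed-per-user-salt", 100_000


def master_key(password: str, email: str, kdf_iterations: int) -> bytes:
    # Client only: this key decrypts the vault and never leaves the device.
    salt = email.strip().lower().encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, kdf_iterations, 32)


def login_hash(password: str, email: str, kdf_iterations: int) -> str:
    # Client only: one more PBKDF2 round keyed by the master key. This is what gets sent.
    key = master_key(password, email, kdf_iterations)
    digest = hashlib.pbkdf2_hmac("sha256", key, password.encode(), 1, 32)
    return base64.b64encode(digest).decode()


def server_record(client_hash: str, salt: bytes, iterations: int) -> bytes:
    # Server (assumed design): re-hash the received value before storing it.
    return hashlib.pbkdf2_hmac("sha256", client_hash.encode(), salt, iterations, 32)


def server_verify(client_hash: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    # Constant-time comparison against the stored record.
    return hmac.compare_digest(server_record(client_hash, salt, iterations), stored)


def demo() -> dict:
    stored = server_record(login_hash(PASSWORD, EMAIL, KDF_ITER), SERVER_SALT, SERVER_ITER)

    def check(pw: str, em: str, it: int) -> bool:
        return server_verify(login_hash(pw, em, it), SERVER_SALT, SERVER_ITER, stored)

    return {
        "same_inputs": check(PASSWORD, EMAIL, KDF_ITER),
        "email_case": check(PASSWORD, "User@Example.com", KDF_ITER),
        # A different client-side iteration count yields a different login hash.
        "other_kdf_iterations": check(PASSWORD, EMAIL, 5_000),
        "wrong_password": check("guess", EMAIL, KDF_ITER),
    }


if __name__ == "__main__":
    print(demo())
```

Nothing the server stores yields `master_key`, so making the server accept a login would still leave the vault contents undecryptable.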


@sleweke commented on GitHub (Oct 13, 2019):

@BlackDex I see. Thanks for the troubleshooting, though.
I'll open another issue.
