mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-26 09:46:00 +03:00
[GH-ISSUE #1179] wrong masterpassword in browser extension #827
Originally created by @lukasdietz on GitHub (Oct 9, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1179
Subject of the issue
I am facing a problem using the official Google Chrome addon. If it is locked and my user is "logged in" I am not able to log in. In this case I have to log out and log in again in order to get it to work again. The next time it gets automatically locked it is not working anymore.
Another user has already shown the problem on YouTube: https://youtu.be/ndI-xeZf3dA
Your environment
Steps to reproduce
Open Google Chrome and log in to Bitwarden using the official extension. Close Chrome so the extension gets locked. After reopening Chrome and entering the password it is not accepted anymore.
Expected behaviour
The Extension should unlock my Passwordsafe with the given password.
Actual behaviour
It is not able to unlock. Instead it shows an error:
"Ein Fehler ist aufgetreten. Ungültiges Masterpassword"
"invalid masterpassword"
Relevant logs
@BlackDex commented on GitHub (Oct 9, 2020):
Hello @lukasdietz,
This issue is probably already resolved, though not yet in a tagged versioned release. But it is in the testing tagged docker image.
The version you have is missing a new endpoint the latest extensions and clients use.
@jonathanmmm commented on GitHub (Oct 10, 2020):
I opened an issue on Bitwarden/Server (can look there, title is "Locked Extension does not accept masterpassword (need to logout and login)").
I looked at my nginx logs and bitwarden logs right in the moment this error came and it seems the Client didn't even reach the Server.
Maybe I am wrong, what did you change in testing, I think it is only a bug in the browser extension and it doesn't matter if your server is bitwarden or bitwarden_rs or even dead, as it only reached my server after logout and pressing login again.
@davidus05 commented on GitHub (Oct 11, 2020):
Thanks for opening that issue - I already went crazy with that, because I thought it's my fault. I downgraded my browser extension to a previous version and then it worked again.
@BlackDex commented on GitHub (Oct 11, 2020):
@jonathanmmm and @davidus05 could you both please try the very very latest version which is on docker hub now?
Make sure you have version 1.17.0 running and please try again.
This version has an endpoint added which these new extension/clients use to verify the password during unlock.
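An added example, not part of the thread and not Vaultwarden's own code: a triage of nginx access-log lines that separates the two explanations discussed here, an unlock request that never reaches the proxy versus one that reaches a server too old to have the endpoint. The endpoint path, the nginx "combined" log format and the sample lines are assumptions; the thread does not name the endpoint.

```python
import re
from collections import Counter

# Assumption: the thread does not name the endpoint added in 1.17.0; this
# path is taken to be the unlock check and may differ on your deployment.
UNLOCK_PATH = "/api/accounts/verify-password"

# nginx default "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def triage_unlock(log_lines, unlock_path=UNLOCK_PATH):
    """Classify what the proxy saw for unlock attempts."""
    statuses = Counter()
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore any query string and trailing slash when comparing paths.
        if m["path"].split("?", 1)[0].rstrip("/") == unlock_path:
            statuses[int(m["status"])] += 1
    if not statuses:
        verdict = "no-request-seen"    # client never reached the proxy
    elif statuses.get(404) or statuses.get(405):
        verdict = "endpoint-missing"   # route unknown to this server version
    elif any(200 <= s < 300 for s in statuses):
        verdict = "unlock-verified"
    else:
        verdict = "rejected"           # server answered, but not with success
    return verdict, dict(statuses)

# Constructed sample lines, not taken from the thread.
OLD_SERVER = [
    '203.0.113.7 - - [11/Oct/2020:10:01:02 +0200] "POST /api/accounts/verify-password HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/Oct/2020:10:01:09 +0200] "GET /api/sync HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]
NEW_SERVER = [
    '203.0.113.7 - - [11/Oct/2020:11:30:00 +0200] "POST /api/accounts/verify-password HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for name, lines in (("old", OLD_SERVER), ("new", NEW_SERVER), ("empty", [])):
        print(name, triage_unlock(lines))
```

A 404 on any matching request wins over later successes, so a log that spans an upgrade should be cut at the upgrade time before it is passed in.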
@davidus05 commented on GitHub (Oct 11, 2020):
Works fine for me, thank you.
@jonathanmmm commented on GitHub (Oct 11, 2020):
I can try, I don't know what that would change as the client never reached my nginx proxy server in front of it.
Do I have to change something in my nginx proxy? And how do I switch from bitwardenrs/server:raspberry to the normal one (think I have to right), just changing the name. I don't know if it detects the right architecture for Raspbian 10 on a RPi 3B (32bit).
@jonathanmmm commented on GitHub (Oct 11, 2020):
This is the important part in nginx, I believe:
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_hide_header X-Frame-Options;
        #proxy_set_header X-Frame-Options "ALLOW-FROM https://mywebsite.com";
        proxy_hide_header Content-Security-Policy;
        #see above proxy_set_header Content-Security-Policy "default-src 'self';frame-ancestors https://mywebsite.com";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8080;
    }
(The frame ancestors are right, as I enframe it on another website, as well).
@jonathanmmm commented on GitHub (Oct 11, 2020):
Problem solved.
Thanks :)
I changed from bitwardenrs/server:raspberry to bitwardenrs/server:latest, got the newest update (all works without changing anything else), it is still using sqlite3 as before, all entries work. Raspberry seems to be not up-to-date and probably an old tag? (I will change the wiki article for 3B and 4, don't know about older RPis).
I logged out, logged in, went to settings, pressed the manual sync. Pressed lock now and could unlock. Also now nginx shows that the client reaches the server, strange.
Was before on 1.15 (I think) now 1.17.
I will link it to the one from bitwarden/server github.com.
@BlackDex commented on GitHub (Oct 11, 2020):
Glad that the latest version resolved your issue.
Thanks for reporting :).
@lukasdietz commented on GitHub (Oct 11, 2020):
Hey there,
I did pull the latest image with docker pull bitwardenrs/server:latest. Now I am on Version 2.16.1 and the issue persists. Am I doing something wrong? Is this the latest version with the mentioned error fixed?
@jonathanmmm commented on GitHub (Oct 11, 2020):
Can you go into http://yourserverip:port/admin, log into the admin with token and use the hamburger (three lines) menu to go to analytics. There you can see the version you have and what the newest version is (for bitwardenrs and webserver).
Did you follow my try with logging out, in, syncing and so on? And do you use nginx or apache in front of it or just bitwarden itself?
@lukasdietz commented on GitHub (Oct 12, 2020):
@jonathanmmm
Thanks for your support. I noticed the latest version was installed and it is working after logging out and sync.