starred/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-04-26 09:46:00 +03:00
Code Issues 39 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #1213] Reports old "Exposed passwords" #858

New issue
Closed
opened 2026-03-03 02:04:04 +03:00 by kerem · 2 comments
kerem commented 2026-03-03 02:04:04 +03:00
Owner
Copy link

Originally created by @mcfrojd on GitHub (Nov 1, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1213

Subject of the issue

The report of exposed passwords still shows me passwords that have been changed.
Is the old passwords stored i db for the "updated password counter"?
And if so, is the report generator including these passwords when generating the report?
Or am i missing some "purge" function that "cleans" the database from old changed passwords?

Your environment

  • Bitwarden_rs version:
    Server Latest 1.17.0
    Web Latest 2.16.1
  • Install method: Docker-compose
  • Clients used: Android app, chrome app
  • Reverse proxy and version: Nginx Reverse Proxy Manager 2.3.1
  • Version of mysql/postgresql:
  • Other relevant information:

Steps to reproduce

When in my web vault, running the tools/report exposed passwords, the report shows me password entries with old (exposed) passwords.
When i click them in the report it shows the old password, and if i click the entry in the vault i see the new changed password (changed 2 month ago)

Expected behaviour

The report should not generate warnings on passwords that have been changed in the vault.

Actual behaviour

Im guessing the old passwords are still stored somewhere and the report generator can still find these old passwords and keeps warning me about them.
I cant see the old password anywhere in the web vault, but if i use search and type in my old exposed password i get a list of entries that have had that password before i changed them, but i cant see that old password when i open the items from the list

Relevant logs

Originally created by @mcfrojd on GitHub (Nov 1, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1213 <!-- # ### NOTE: Please update to the latest version of bitwarden_rs before reporting an issue! This saves you and us a lot of time and troubleshooting. See: https://github.com/dani-garcia/bitwarden_rs/issues/1180 # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/obfuscate personal and confidential information, such as names, global IP/DNS addresses and especially passwords, if necessary. --> ### Subject of the issue The report of exposed passwords still shows me passwords that have been changed. Is the old passwords stored i db for the "updated password counter"? And if so, is the report generator including these passwords when generating the report? Or am i missing some "purge" function that "cleans" the database from old changed passwords? ### Your environment <!-- The version number, obtained from the logs or the admin diagnostics page --> <!-- Remember to check your issue on the latest version first! --> * Bitwarden_rs version: Server Latest 1.17.0 Web Latest 2.16.1 <!-- How the server was installed: Docker image / package / built from source --> * Install method: Docker-compose * Clients used: Android app, chrome app * Reverse proxy and version: Nginx Reverse Proxy Manager 2.3.1 * Version of mysql/postgresql: <!-- if applicable --> * Other relevant information: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start bitwarden_rs? --> When in my web vault, running the tools/report exposed passwords, the report shows me password entries with old (exposed) passwords. When i click them in the report it shows the old password, and if i click the entry in the vault i see the new changed password (changed 2 month ago) ### Expected behaviour <!-- Tell us what should happen --> The report should not generate warnings on passwords that have been changed in the vault. ### Actual behaviour <!-- Tell us what happens instead --> Im guessing the old passwords are still stored somewhere and the report generator can still find these old passwords and keeps warning me about them. I cant see the old password anywhere in the web vault, but if i use search and type in my old exposed password i get a list of entries that have had that password before i changed them, but i cant see that old password when i open the items from the list ### Relevant logs <!-- Share some logfiles, screenshots or output of relevant programs with us. -->
kerem closed this issue 2026-03-03 02:04:04 +03:00
kerem commented 2026-03-03 02:04:05 +03:00
Author
Owner
Copy link

@BlackDex commented on GitHub (Nov 2, 2020):

Hello @mcfrojd,

All this is done client-side via the web-vault which we do not maintain.
For items regarding the web-vault behaving not as expected you are better of going to https://github.com/bitwarden/web/

<!-- gh-comment-id:720381134 --> @BlackDex commented on GitHub (Nov 2, 2020): Hello @mcfrojd, All this is done client-side via the web-vault which we do not maintain. For items regarding the web-vault behaving not as expected you are better of going to https://github.com/bitwarden/web/
kerem commented 2026-03-03 02:04:05 +03:00
Author
Owner
Copy link

@sichkarmg commented on GitHub (Nov 5, 2020):

Mcfrojd Sorry I could not wait long, I have the same problem.
https://github.com/bitwarden/web/issues/690

<!-- gh-comment-id:722626283 --> @sichkarmg commented on GitHub (Nov 5, 2020): Mcfrojd Sorry I could not wait long, I have the same problem. https://github.com/bitwarden/web/issues/690
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
revert-7033-patch-1
cached-config-operations
test_dylint
1.35.8
1.35.7
1.35.6
1.35.5
1.35.4
1.35.3
1.35.2
1.35.1
1.35.0
1.34.3
1.34.2
1.34.1
1.34.0
1.33.2
1.33.1
1.33.0
1.32.7
1.32.6
1.32.5
1.32.4
1.32.3
1.32.2
1.32.1
1.32.0
1.31.0
1.30.5
1.30.4
1.30.3
1.30.2
1.30.1
1.30.0
1.29.2
1.29.1
1.29.0
1.28.1
1.28.0
1.27.0
1.26.0
1.25.2
1.25.1
1.25.0
1.24.0
1.23.1
1.23.0
1.22.2
1.22.1
1.22.0
1.21.0
1.20.0
1.19.0
1.18.0
1.17.0
1.16.3
1.16.2
1.16.1
1.16.0
1.15.1
1.15.0
1.14.2
1.14.1
1.14
1.13.1
1.13.0
1.12.0
1.11.0
1.10.0
1.9.1
1.9.0
1.8.0
1.7.0
1.6.1
1.6.0
1.5.0
1.4.0
1.3.0
1.2.0
1.1.0
1.0.0
0.13.0
0.12.0
0.11.0
0.10.0
0.9.0
Labels
Clear labels   
SSO

   
Third party

   
better for forum

   
bug

   
bug

   
documentation

   
duplicate

   
enhancement

   
future Vault

   
future Vault

   
future Vault

   
good first issue

   
help wanted

   
low priority

   
notes

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
troubleshooting

   
wontfix
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/vaultwarden#858
No description provided.