[GH-ISSUE #1503] Invalid Master Password w/Windows Desktop Client 1.25 & latest docker image #982

New issue

Closed

opened 2026-03-03 02:05:17 +03:00 by kerem · 2 comments

kerem commented

2026-03-03 02:05:17 +03:00

Owner

Originally created by @ScottSturdivant on GitHub (Mar 16, 2021).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1503

Subject of the issue

Recently my Windows Bitwarden client prompted me to apply an update to which I happily obliged. After restarting the client (and later the entire machine), I'm being met with an "Invalid Master Password" error on the client. I have been able to copy / paste the password into the following other environments successfully:

Google chrome bitwarden extension
Google chrome web vault
Firefox web vault
Bitwarden Windows 1.24.6 desktop client

Deployment environment

Your environment (Generated via diagnostics page)

Bitwarden_rs version: v1.19.0
Web-vault version: v2.18.1
Running within Docker: true
Internet access: true
Uses a proxy: false
DNS Check: true
Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Database type: SQLite
Clients used:
Reverse proxy and version:
Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.****.***",
  "domain_origin": "*****://*****.****.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*****.**********@*****.***",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*****.**********@*****.***",
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Clients used: Web vault via chrome & firefox, bitwarden extension for Chrome, Windows 1.24.6 client

Steps to reproduce

Hopefully it's as simple as upgrading your Windows 1.24.6 client to the latest version (1.25) and then attempting to log in.

Expected behaviour

I'd expect that since my password works in all the other clients, that it also work with Windows Desktop 1.25. That's the dream anyway.

Actual behaviour

The client displays an error: "Invalid Master Password", though I can paste the exact same password into the web vault where it grants access successfully.

Troubleshooting data

The logs from the docker image don't contain much - if there's a way to enable more verbose logging please let me know and I'd be happy to update with that information. As it is, here are the entries for the failing login attempt:

[2021-03-13 14:27:58.519][request][INFO] POST /api/accounts/verify-password
[2021-03-13 14:27:58.670][bitwarden_rs::api::core::accounts][ERROR] Invalid password
[2021-03-13 14:27:58.672][response][INFO] POST /api/accounts/verify-password (verify_password) => 400 Bad Request

Originally created by @ScottSturdivant on GitHub (Mar 16, 2021). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1503 ### Subject of the issue Recently my Windows Bitwarden client prompted me to apply an update to which I happily obliged. After restarting the client (and later the entire machine), I'm being met with an "Invalid Master Password" error on the client. I have been able to copy / paste the password into the following other environments successfully: * Google chrome bitwarden extension * Google chrome web vault * Firefox web vault * Bitwarden Windows 1.24.6 desktop client ### Deployment environment ### Your environment (Generated via diagnostics page) * Bitwarden_rs version: v1.19.0 * Web-vault version: v2.18.1 * Running within Docker: true * Internet access: true * Uses a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****.****.***", "domain_origin": "*****://*****.****.***", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Bitwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "*****.**********@*****.***", "smtp_from_name": "Bitwarden", "smtp_host": "****.*****.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*****.**********@*****.***", "templates_folder": "data/templates", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` * Clients used: Web vault via chrome & firefox, bitwarden extension for Chrome, Windows 1.24.6 client ### Steps to reproduce Hopefully it's as simple as upgrading your Windows 1.24.6 client to the latest version (1.25) and then attempting to log in. ### Expected behaviour I'd expect that since my password works in all the other clients, that it also work with Windows Desktop 1.25. That's the dream anyway. ### Actual behaviour The client displays an error: "Invalid Master Password", though I can paste the exact same password into the web vault where it grants access successfully. ### Troubleshooting data The logs from the docker image don't contain much - if there's a way to enable more verbose logging please let me know and I'd be happy to update with that information. As it is, here are the entries for the failing login attempt: ``` [2021-03-13 14:27:58.519][request][INFO] POST /api/accounts/verify-password [2021-03-13 14:27:58.670][bitwarden_rs::api::core::accounts][ERROR] Invalid password [2021-03-13 14:27:58.672][response][INFO] POST /api/accounts/verify-password (verify_password) => 400 Bad Request ```

kerem

2026-03-03 02:05:17 +03:00

closed this issue
added the
good first issue
label

kerem commented

2026-03-03 02:05:18 +03:00

Author

Owner

@ScottSturdivant commented on GitHub (Mar 17, 2021):

Closing this. I was able to get logged in on 1.25.0. It took multiple reboots, restarts of Bitwarden, etc, but eventually I think what did the trick was to do Account -> Log Out and then initiate the login again from scratch.

My apologies for the noise!

@ScottSturdivant commented on GitHub (Mar 17, 2021): Closing this. I was able to get logged in on 1.25.0. It took multiple reboots, restarts of Bitwarden, etc, but eventually I think what did the trick was to do Account -> Log Out and then initiate the login again from scratch. My apologies for the noise!

kerem commented

2026-03-03 02:05:18 +03:00

Author

Owner

@BlackDex commented on GitHub (Mar 17, 2021):

No problem. I did logged in with v1.25 on Linux today actually, and that also worked.
Maybe some cache/cookie which was causing an issue.

But i'm glad it is fixed.

@BlackDex commented on GitHub (Mar 17, 2021): No problem. I did logged in with v1.25 on Linux today actually, and that also worked. Maybe some cache/cookie which was causing an issue. But i'm glad it is fixed.