Loss of all passwords due to change of masterpassword with encryption key rotation #1474

Closed
opened 2026-02-05 01:02:31 +03:00 by OVERLORD · 11 comments

Originally created by @nordic-style on GitHub (Jan 19, 2023).

Subject of the issue

All passwords are without a name or content (see screenshot)

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.27.0
  • Web-vault version: v2022.12.0
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.39.2
  • Install method: docker-compose
  • Clients used: web vault
  • Reverse proxy and version: caddy:latest (from 2023-01-17)

Config (Generated via diagnostics page)

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, SMTP_HOST, SMTP_SSL, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://***************",
  "domain_origin": "*****://***************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": "**************",
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": true,
  "smtp_from": "***************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_security": "force_tls",
  "smtp_ssl": false,
  "smtp_timeout": 15,
  "smtp_username": "***************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

  1. Having many passwords (>1000) (and one very big note?)
  2. Navigate to Account Settings -> Security
  3. Set a new master password with "Also rotate my account's encryption key"
  4. Wait some seconds -> a red error box appears in the upper right corner "The field Notes exceeds the maximum encrypted value length of 10000 characters."
  5. All passwords are without content or name

Expected behaviour

Just change the encryption key and my master password

Actual behaviour

Changed my master password, but the passwords are not usable anymore

Troubleshooting data

From the logs:
[2023-01-18 22:31:28.269][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
[2023-01-18 22:31:31.236][request][INFO] GET /api/accounts/revision-date
[2023-01-18 22:31:31.237][response][INFO] (revision_date) GET /api/accounts/revision-date => 200 OK
[2023-01-18 22:31:31.252][request][INFO] POST /identity/connect/token
[2023-01-18 22:31:31.255][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-01-18 22:31:31.586][request][INFO] GET /api/sync
[2023-01-18 22:31:31.697][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
[2023-01-18 22:31:32.699][request][INFO] GET /api/two-factor
[2023-01-18 22:31:32.700][response][INFO] (get_twofactor) GET /api/two-factor => 200 OK
[2023-01-18 22:31:32.702][request][INFO] GET /api/accounts/profile
[2023-01-18 22:31:32.703][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2023-01-18 22:31:40.440][request][INFO] GET /api/accounts/profile
[2023-01-18 22:31:40.441][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2023-01-18 22:32:47.734][request][INFO] POST /identity/connect/token
[2023-01-18 22:32:47.738][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-01-18 22:32:47.752][request][INFO] GET /api/sync?excludeDomains=true
[2023-01-18 22:32:47.867][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
[2023-01-18 22:32:48.039][request][INFO] POST /api/accounts/password
[2023-01-18 22:32:48.167][response][INFO] (post_password) POST /api/accounts/password => 200 OK
[2023-01-18 22:32:53.304][request][INFO] POST /api/accounts/key
[2023-01-18 22:32:54.042][vaultwarden::api::core::ciphers][ERROR] The field Notes exceeds the maximum encrypted value length of 10000 characters.
[2023-01-18 22:32:54.045][response][INFO] (post_rotatekey) POST /api/accounts/key => 400 Bad Request

Screenshot 2023-01-18 at 23 46 18
OVERLORD added the bug label 2026-02-05 01:02:31 +03:00

@BlackDex commented on GitHub (Jan 19, 2023):

Ai, that's nasty.
But, I do think this issue is already fixed in the testing tagged images.
I'll need to verify.

@BlackDex commented on GitHub (Jan 19, 2023):

Did some quick checks, and there are some strange issues indeed.
Also one which has to do with some updates regarding the websockets to logout.
It needs to exclude the client which does the password changing, and that currently isn't done.

Besides that, it also needs to provide a better error in case there are some cipher issues. I probably have some time this evening to check this.

@tessus commented on GitHub (Jan 19, 2023):

@BlackDex what I don't understand is why the transaction is not rolled back. E.g. when an error occurs, a database transaction is supposed to be rolled back. Yet it seems something happens and the data is committed anyway, even if the data is garbage.

@BlackDex commented on GitHub (Jan 19, 2023):

We do not have transactions, so that is one.
Further, after the stable release there was a fix regarding the note sizes. All ciphers are saved in a loop, and not a transaction. In testing there is a validation step done before stuff gets stored, and thus prevents this issue.

On top of that, if using websockets, it tells the clients (including the one changing the password) to log out, but that interrupts the key rotation. That one is easily fixed by providing the contextId during this specific event, because the client will log itself out afterwards, but that websocket message will still log out other clients, which is good.

Using transactions is something still on our list to implement.

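The failure mode described above (ciphers saved one by one in a loop, no transaction, fixed in `testing` by validating before anything is stored), as an added Rust sketch that is not Vaultwarden's code: `Cipher`, `validate`, `rotate_in_loop`, `rotate_validated` and `scenario` are hypothetical simplified names, an in-memory `HashMap` stands in for the database, and the 10000-character limit is the one quoted in the error message of this issue.

```rust
use std::collections::HashMap;

// Server-side limit quoted in the error message from the thread.
const MAX_ENCRYPTED_LEN: usize = 10_000;

// A vault item as the server stores it: every field is an opaque ciphertext string.
#[derive(Clone, Debug, PartialEq)]
pub struct Cipher {
    pub id: u32,
    pub name: String,
    pub notes: Option<String>,
}

// Reject a cipher whose encrypted field exceeds the limit, naming the offending field.
pub fn validate(c: &Cipher) -> Result<(), String> {
    let fields = [("Name", Some(&c.name)), ("Notes", c.notes.as_ref())];
    match fields.iter().find(|(_, v)| v.map_or(false, |s| s.len() > MAX_ENCRYPTED_LEN)) {
        Some((field, _)) => Err(format!(
            "cipher {}: The field {} exceeds the maximum encrypted value length of {} characters.",
            c.id, field, MAX_ENCRYPTED_LEN
        )),
        None => Ok(()),
    }
}

// Failure mode from the thread: ciphers are written one by one with no transaction,
// so items written before the oversized note stay stored under the new key even
// though the request as a whole is rejected with 400.
pub fn rotate_in_loop(store: &mut HashMap<u32, Cipher>, rotated: &[Cipher]) -> Result<(), String> {
    for c in rotated {
        validate(c)?;
        store.insert(c.id, c.clone());
    }
    Ok(())
}

// Hardened form: validate the whole batch before the first write, which makes the
// rotation all-or-nothing even without database transactions.
pub fn rotate_validated(store: &mut HashMap<u32, Cipher>, rotated: &[Cipher]) -> Result<(), String> {
    rotated.iter().try_for_each(validate)?;
    for c in rotated {
        store.insert(c.id, c.clone());
    }
    Ok(())
}

// Constructed scenario: three items under the old key and the same three
// re-encrypted under the new key, where item 2 carries an oversized note.
pub fn scenario() -> (HashMap<u32, Cipher>, Vec<Cipher>) {
    let store = (1..=3).map(|id| (id, Cipher { id, name: format!("old:{id}"), notes: None })).collect();
    let rotated = (1..=3).map(|id| Cipher {
        id,
        name: format!("new:{id}"),
        notes: (id == 2).then(|| "x".repeat(MAX_ENCRYPTED_LEN + 1)),
    }).collect();
    (store, rotated)
}

// Number of stored items already re-encrypted under the new key.
pub fn count_rotated(store: &HashMap<u32, Cipher>) -> usize {
    store.values().filter(|c| c.name.starts_with("new:")).count()
}
```

With the loop variant, item 1 is left re-encrypted while items 2 and 3 are not; the validated variant rejects the same batch and leaves the store untouched.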
@tessus commented on GitHub (Jan 19, 2023):

Thanks for the explanation. Yep, I thought that 00855ee31d would fix the size issue.

@BlackDex commented on GitHub (Jan 19, 2023):

Well, it would have, if I had put that validation step there ;)

@nordic-style commented on GitHub (Jan 19, 2023):

Thanks for the quick responses. Just for my understanding: with the patch I will not be able to save my PGP public and private key in one note since together they exceed the 10k size? Not even in the web version, since some clients cannot handle the size?

@tessus commented on GitHub (Jan 19, 2023):

@nordic-style if the encrypted data exceeds 10k (not the raw data you paste in the field), you won't be able to add the gpg keys in the Notes field. However, you can attach them as files.

@BlackDex commented on GitHub (Jan 19, 2023):

The issue with that is that it is not synced 😉.
I understand the issue, but we can't risk other issues with allowing a larger size of the notes.
While we had it larger for a longer time, it does prevent people from switching to Bitwarden if they want.

And, indeed some clients have issues with this.
Maybe voting here will help: https://community.bitwarden.com/t/support-longer-notes-breaks-lastpass-import/2970

@BlackDex commented on GitHub (Jan 20, 2023):

@nordic-style I have resolved the issue via #3157, once merged, it should tell you that there are notes which are too large, and prevent it from being stored. The password will still be changed though, but the key-rotation will not have an effect.

Thanks for reporting!

@nordic-style commented on GitHub (Jan 21, 2023):

> @nordic-style I have resolved the issue via #3157, once merged, it should tell you that there are notes which are too large, and prevent it from being stored. The password will still be changed though, but the key-rotation will not have an effect.
>
> Thanks for reporting!

Thank you for fixing!

After removing the "evil notes" I could restore a backup.

Reference: starred/vaultwarden#1474