Issue with Server side KDF Iterations not showing altered in db.sqlite3 #1498

New Issue

Closed

opened 2026-02-05 01:05:46 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-05 01:05:46 +03:00

Owner

Copy Link

Originally created by @talkincyber on GitHub (Feb 5, 2023).

Subject of the issue

Issue with Client side KDF Iterations not showing altered in db.sqlite3. I recently updated my KDF iterations client side on the web vault to 600k and when looking at the sqlite database, it does not show that the iterations changed, it still shows 100k.

Deployment environment

• Vaultwarden version: v1.27.0
• Web-vault version: v2022.12.0
• Running within Docker: true (Base: Debian)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.39.2

Steps to reproduce

I run Vaultwarden via a "stack" in portainer. I just changed the KDF iterations and then also changed my password and said for it to rotate my account keys and it seems it's still at 100k based on the database file.

Expected behaviour

I would expect the database entry for my user account to be updated with the proper amount otherwise it makes me believe the key was not changed and the iterations did not change. I changed my password after changing it as well and it did not have an affect.

Actual behaviour

Troubleshooting data

Here is a screenshot of the server side admin panel showing 600k iterations

Here is a screenshot of the database for my account selecting password iterations from the table.

Originally created by @talkincyber on GitHub (Feb 5, 2023). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> Issue with Client side KDF Iterations not showing altered in db.sqlite3. I recently updated my KDF iterations client side on the web vault to 600k and when looking at the sqlite database, it does not show that the iterations changed, it still shows 100k. ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * Vaultwarden version: v1.27.0 * Web-vault version: v2022.12.0 * Running within Docker: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.39.2 ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> I run Vaultwarden via a "stack" in portainer. I just changed the KDF iterations and then also changed my password and said for it to rotate my account keys and it seems it's still at 100k based on the database file. ### Expected behaviour <!-- Tell us what you expected to happen --> I would expect the database entry for my user account to be updated with the proper amount otherwise it makes me believe the key was not changed and the iterations did not change. I changed my password after changing it as well and it did not have an affect. ### Actual behaviour <!-- Tell us what actually happened --> ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->  Here is a screenshot of the server side admin panel showing 600k iterations  Here is a screenshot of the database for my account selecting password iterations from the table.

OVERLORD closed this issue 2026-02-05 01:05:47 +03:00

OVERLORD commented 2026-02-05 01:05:49 +03:00

Author

Owner

Copy Link

@talkincyber commented on GitHub (Feb 5, 2023):

I restarted vaultwarden in-between chaning the password iterations and changing my password too.

@talkincyber commented on GitHub (Feb 5, 2023): I restarted vaultwarden in-between chaning the password iterations and changing my password too.

OVERLORD commented 2026-02-05 01:05:51 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Feb 5, 2023):

Not sure what you are reporting here. But i think you tried to change the server side after the whole client change, and saw it didn't changed for your account.

That is true for the version of Vaultwarden you are using. That is fixed in the testing tagged images already. There it will increase your server side kdf on login.

@BlackDex commented on GitHub (Feb 5, 2023): Not sure what you are reporting here. But i think you tried to change the server side after the whole client change, and saw it didn't changed for your account. That is true for the version of Vaultwarden you are using. That is fixed in the `testing` tagged images already. There it will increase your server side kdf on login.

OVERLORD commented 2026-02-05 01:05:53 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Feb 5, 2023):

Fixed already via #3163

@BlackDex commented on GitHub (Feb 5, 2023): Fixed already via #3163

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1498