Can't request emergency access #1608

New Issue

Closed

opened 2026-02-05 01:20:06 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-05 01:20:06 +03:00

Owner

Copy Link

Originally created by @Kr0kspluish on GitHub (Jun 15, 2023).

Subject of the issue

I have a user of my vaultwarden server who set me as emergency contact, with takeover level.
I need to request emergency access to their vault now, I can see them in the Emergency Access panel of my account settings with the correct "Accepted" and 'Takeover" labels, but I can't make the request access as the button for doing so does not appear. I tried on different browsers (Firefox, Edge, Duckduckgo android).
I feel like I saw that button when we set the emergency access up months ago, so maybe it disappeared with an upgrade of the docker image?

Deployment environment

• Vaultwarden version: v1.28.1
• Web-vault version: v2023.3.0b
• OS/Arch: linux/aarch64
• Running within Docker: true (Base: Debian)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.39.2
• Clients used: web vault
• Reverse proxy and version: SWAG docker, version 2.4.0-ls195

Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**************",
  "domain_origin": "*****://**************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 2,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden des kiwis",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*************************",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": false,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*********************",
  "smtp_from_name": "Kimou - Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 100,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": 1000000,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

Create at least two users A and B and set up emergency access so A can access B's vault (takeover).
Go to account settings of A, and check whether the request access feature shows up.

Expected behaviour

According to https://bitwarden.com/help/emergency-access/ (pointed to by the Vaultwarden wiki), a gear icon with a menu including "request access" should be there.

Actual behaviour

It is not there; instead there is only the three vertical dots icon and the only options that appears when clicking it is "remove".

Troubleshooting data

Originally created by @Kr0kspluish on GitHub (Jun 15, 2023). ### Subject of the issue I have a user of my vaultwarden server who set me as emergency contact, with takeover level. I need to request emergency access to their vault now, I can see them in the Emergency Access panel of my account settings with the correct "Accepted" and 'Takeover" labels, but I can't make the request access as the button for doing so does not appear. I tried on different browsers (Firefox, Edge, Duckduckgo android). I feel like I saw that button when we set the emergency access up months ago, so maybe it disappeared with an upgrade of the docker image? ### Deployment environment * Vaultwarden version: v1.28.1 * Web-vault version: v2023.3.0b * OS/Arch: linux/aarch64 * Running within Docker: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.39.2 * Clients used: web vault * Reverse proxy and version: SWAG docker, version 2.4.0-ls195 ### Config **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**************", "domain_origin": "*****://**************", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 2, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden des kiwis", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "*************************", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": false, "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*********************", "smtp_from_name": "Kimou - Vaultwarden", "smtp_host": "**************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "*********************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": 100, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": 1000000, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` ### Steps to reproduce Create at least two users A and B and set up emergency access so A can access B's vault (takeover). Go to account settings of A, and check whether the request access feature shows up. ### Expected behaviour According to https://bitwarden.com/help/emergency-access/ (pointed to by the Vaultwarden wiki), a gear icon with a menu including "request access" should be there. ### Actual behaviour It is not there; instead there is only the three vertical dots icon and the only options that appears when clicking it is "remove". ### Troubleshooting data 

OVERLORD closed this issue 2026-02-05 01:20:09 +03:00

OVERLORD commented 2026-02-05 01:20:11 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jun 15, 2023):

And what does the other account show? Had the invite been excepted? And afterwards been confirmed? Without confirmation it will not work.

@BlackDex commented on GitHub (Jun 15, 2023): And what does the other account show? Had the invite been excepted? And afterwards been confirmed? Without confirmation it will not work.

OVERLORD commented 2026-02-05 01:20:13 +03:00

Author

Owner

Copy Link

@Kr0kspluish commented on GitHub (Jun 15, 2023):

I can't answer that, as the other user actually lost access to their vault and they needed me to recover it.
So if the feature is not known to be broken, I must suppose they did not confirm the emergency contact set up and I apologize for wasting your time.

@Kr0kspluish commented on GitHub (Jun 15, 2023): I can't answer that, as the other user actually lost access to their vault and they needed me to recover it. So if the feature is not known to be broken, I must suppose they did not confirm the emergency contact set up and I apologize for wasting your time.

OVERLORD commented 2026-02-05 01:20:15 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Jun 15, 2023):

I can confirm it works as it should, and i can also see that the other end did not confirmed your acceptation.
There should be only one label there like so.

The problem is, you can't even just change a flag in the database, since you need a security token, which only gets generated during the confirm action. That token provides you access to the other users vault. Without it, that is a no-go.

@BlackDex commented on GitHub (Jun 15, 2023): I can confirm it works as it should, and i can also see that the other end did not confirmed your acceptation. There should be only one label there like so.  The problem is, you can't even just change a flag in the database, since you need a security token, which only gets generated during the confirm action. That token provides you access to the other users vault. Without it, that is a no-go.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1608