Disable pwnedpasswords #1626

Closed
opened 2026-02-05 01:22:15 +03:00 by OVERLORD · 0 comments
Owner

Originally created by @p3lim on GitHub (Jul 4, 2023).

Subject of the issue

During registration there is an option to "Check known data breaches for this password", which can be disabled by the user.

If, however, this is enabled, and api.pwnedpasswords.com is unreachable, the registration fails silently.

This will happen in corporate environments with an HTTP proxy.

Deployment environment

  • Vaultwarden version: v1.28.1
  • Web-vault version: v2023.3.0b

(everything else should be irrelevant for this issue)

Steps to reproduce

  1. Be behind corporate proxy, api.pwnedpasswords.com is not whitelisted
  2. Attempt to create a new account, leaving the defaults
  3. Clicking "Create account" silently fails, providing no information to the user about what went wrong

Expected behaviour

At least a warning that the call failed.

Preferably an option (server-side) to disable all external calls, but most importantly for this issue to api.pwnedpasswords.com.

Actual behaviour

No info, clicking "Create account" does nothing.

Troubleshooting data


Reference: starred/vaultwarden#1626
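
The failure mode reported above, shown as an added example that is not Vaultwarden or Bitwarden code: a client-side breach check against the Pwned Passwords range endpoint that returns an explicit "unavailable" result when the API cannot be reached, so the caller can show a warning instead of doing nothing. The function names, the injected `fetchImpl` parameter, the timeout, and the choice to let registration continue when the check cannot run are assumptions of this example.

```javascript
// Added example (not Vaultwarden or Bitwarden code); all names are hypothetical.
const RANGE_URL = "https://api.pwnedpasswords.com/range/";
// Web Crypto is a global in browsers and current Node; older Node needs the module.
const subtle = globalThis.crypto?.subtle ?? require("node:crypto").webcrypto.subtle;

async function sha1Hex(text) {
  const digest = await subtle.digest("SHA-1", new TextEncoder().encode(text));
  return Array.from(new Uint8Array(digest), (b) => b.toString(16).padStart(2, "0"))
    .join("").toUpperCase();
}

// Resolves to { status: "breached" | "clean" | "unavailable", count, reason }.
// Network errors, timeouts and non-2xx replies become "unavailable", never a
// swallowed exception. Only the first 5 hex characters of the hash are sent.
async function checkBreach(password, fetchImpl = fetch, timeoutMs = 5000) {
  const hash = await sha1Hex(password);
  const prefix = hash.slice(0, 5);
  const suffix = hash.slice(5);
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), timeoutMs);
  try {
    const res = await fetchImpl(RANGE_URL + prefix, { signal: ctl.signal });
    if (!res.ok) return { status: "unavailable", count: 0, reason: `HTTP ${res.status}` };
    // Response body: one "HASH_SUFFIX:COUNT" entry per line.
    for (const line of (await res.text()).split(/\r?\n/)) {
      const [sfx, n] = line.trim().split(":");
      const count = parseInt(n, 10);
      if (sfx && sfx.toUpperCase() === suffix && count > 0) {
        return { status: "breached", count, reason: "" };
      }
    }
    return { status: "clean", count: 0, reason: "" };
  } catch (err) {
    return { status: "unavailable", count: 0, reason: String(err.message || err) };
  } finally {
    clearTimeout(timer);
  }
}

// Assumed policy: the check is advisory, so an unreachable API produces a
// visible warning and registration continues.
async function registrationDecision(password, fetchImpl) {
  const r = await checkBreach(password, fetchImpl);
  if (r.status === "breached") {
    return { proceed: false, message: `Password found in ${r.count} known breaches` };
  }
  if (r.status === "unavailable") {
    return { proceed: true, message: `Breach check skipped: ${r.reason}` };
  }
  return { proceed: true, message: "" };
}
```
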