One user can't login using correct credentials #1916

New Issue

Closed

opened 2026-02-05 02:12:26 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-05 02:12:26 +03:00

Owner

Copy Link

Originally created by @Mat-DB on GitHub (May 16, 2024).

User can't login user correct credentials

Just one user can not login using correct credentials, not in a app or browser extension and not in the webUI.
I have no clue why only one user can't and the other can.

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.30.5
• Web-vault version: v2024.1.2b
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Debian)
• Environment settings overridden: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.44.0
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****************",
  "domain_origin": "*****://*****************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 350000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "**********************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_security": "force_tls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "**********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

• vaultwarden version: 1.30.5

• Install method: docker compose file

• Clients used: web vault, desktop (chrome plugin), Android

• Reverse proxy and version: latest version of LSIO/SWAG

• MySQL/MariaDB or PostgreSQL version: SQLite

Steps to reproduce

No clue how to reproduce. I have searched the github issues, online further but did not find any solution.

Maybe the docker compose file is useful,

---
services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    network_mode: ${PROXY_NET}
    user: ${PUID}:${PGID} #UID:GID
    environment:
      - TZ=${TZ}
      - INVITATIONS_ALLOWED=true
      - SIGNUPS_ALLOWED=false
      - SHOW_PASSWORD_HINT=true
      - PASSWORD_ITERATIONS=350000
      - DOMAIN=https://vault.pakamala.be/
      - LOG_FILE=/data/vaultwarden.log
      - ADMIN_TOKEN=${ADMIN_TOKEN}
      # Domains: gmail.com, googlemail.com
      - SMTP_HOST=${MAIL_HOST}
      - SMTP_FROM=${MAIL_FROM}
      - SMTP_PORT=${MAIL_PORT_SSL}
      - SMTP_SECURITY=force_tls
      - SMTP_USERNAME=${MAIL_FROM}
      - SMTP_PASSWORD=${MAIL_pw}
    volumes:
      - ${CONFIG_PATH}/Config/Vaultwarden:/data
    ports:
      - 8083:80
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true

Expected behaviour

That all user can login on any platform or bitwarden app or extension.

Actual behaviour

The HTTP response code is 400 and in the right top corner of the webpage,

The password and email are exactly the same as used before. The password still works to decrypt the bitwarden extension is chrome but it won't sync and is not able to create new logins.

I hope this can be resolved. If I need to give more information please just ask!
I haven't tried to pull a previous version and run that with the data since I do not know if that would break anything.

Thanks already!!

Edit 1: I just looked at the user page in the admin panel and the user just is NOT listed. How is this possible??
I have downloaded the decrypted vault of that user on their device already!

Originally created by @Mat-DB on GitHub (May 16, 2024). ### User can't login user correct credentials Just one user can not login using correct credentials, not in a app or browser extension and not in the webUI. I have no clue why only one user can't and the other can. ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.30.5 * Web-vault version: v2024.1.2b * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Environment settings overridden: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.44.0 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****************", "domain_origin": "*****://*****************", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "fido2-vault-credentials", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/data/vaultwarden.log", "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 350000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "**********************", "smtp_from_name": "Vaultwarden", "smtp_host": "**************", "smtp_password": "***", "smtp_port": 465, "smtp_security": "force_tls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "**********************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> * vaultwarden version: 1.30.5 * Install method: docker compose file * Clients used: web vault, desktop (chrome plugin), Android * Reverse proxy and version: latest version of LSIO/SWAG * MySQL/MariaDB or PostgreSQL version: SQLite ### Steps to reproduce No clue how to reproduce. I have searched the github issues, online further but did not find any solution. Maybe the docker compose file is useful, ```yml --- services: vaultwarden: image: vaultwarden/server:latest container_name: vaultwarden network_mode: ${PROXY_NET} user: ${PUID}:${PGID} #UID:GID environment: - TZ=${TZ} - INVITATIONS_ALLOWED=true - SIGNUPS_ALLOWED=false - SHOW_PASSWORD_HINT=true - PASSWORD_ITERATIONS=350000 - DOMAIN=https://vault.pakamala.be/ - LOG_FILE=/data/vaultwarden.log - ADMIN_TOKEN=${ADMIN_TOKEN} # Domains: gmail.com, googlemail.com - SMTP_HOST=${MAIL_HOST} - SMTP_FROM=${MAIL_FROM} - SMTP_PORT=${MAIL_PORT_SSL} - SMTP_SECURITY=force_tls - SMTP_USERNAME=${MAIL_FROM} - SMTP_PASSWORD=${MAIL_pw} volumes: - ${CONFIG_PATH}/Config/Vaultwarden:/data ports: - 8083:80 restart: unless-stopped security_opt: - no-new-privileges:true ``` ### Expected behaviour That all user can login on any platform or bitwarden app or extension. ### Actual behaviour The HTTP response code is 400 and in the right top corner of the webpage,  The password and email are exactly the same as used before. The password still works to decrypt the bitwarden extension is chrome but it won't sync and is not able to create new logins. I hope this can be resolved. If I need to give more information please just ask! I haven't tried to pull a previous version and run that with the data since I do not know if that would break anything. Thanks already!! Edit 1: I just looked at the user page in the admin panel and the user just is NOT listed. How is this possible?? I have downloaded the decrypted vault of that user on their device already!

OVERLORD closed this issue 2026-02-05 02:12:33 +03:00

OVERLORD commented 2026-02-05 02:12:37 +03:00

Author

Owner

Copy Link

@stefan0xC commented on GitHub (May 16, 2024):

How is this possible??

The user could have deleted their account.

@stefan0xC commented on GitHub (May 16, 2024): > How is this possible?? The user could have deleted their account.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1916