Cannot login with correct master password #22

New Issue

OVERLORD · 2025-10-09T16:10:53+03:00

OVERLORD commented

2025-10-09 16:10:53 +03:00

Originally created by @skutter-de on GitHub.

Prerequisites

I have searched the existing Closed AND Open Issues AND Discussions
I have searched and read the documentation

Vaultwarden Support String

Your environment (Generated via diagnostics page)

Vaultwarden version: v1.34.3
Web-vault version: v2025.7.0
OS/Arch: linux/x86_64
Running within a container: true (Base: Debian)
Database type: SQLite
Database version: 3.50.2
Uses config.json: true
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Websocket Check: true
HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://********************",
  "domain_origin": "*****://********************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.eu",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.eu",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "******************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "******************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.34.3

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Nginx Proxy Manager v2.12.4

Host/Server Operating System

Linux

Operating System Version

Red Hat Enterprise Linux 9.6

Clients

Web Vault, Browser Extension

Client Version

Web 2025.7.0, Firefox Extension 2025.8.1

Steps To Reproduce

One user on my server cannot login with the correct master password. We are both 100% sure it's correct, since it was written on a recovery sheet and saved in my vault as a fallback. Login was also tested at setup with the copy of the password in my vault and on the recovery sheet, as well as now. no server settings were modified since the creation of that account

Expected Result

Successful login

Actual Result

Login does not work on. The vault on the already logged in iOS app can still be unlocked with that password.

Logs

vaultwarden-1  | [2025-09-02 12:34:28.883][request][INFO] GET /api/devices/knowndevice
vaultwarden-1  | [2025-09-02 12:34:28.884][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
vaultwarden-1  | [2025-09-02 12:34:30.333][request][INFO] POST /identity/accounts/prelogin
vaultwarden-1  | [2025-09-02 12:34:30.334][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
vaultwarden-1  | [2025-09-02 12:34:30.452][request][INFO] POST /identity/connect/token
vaultwarden-1  | [2025-09-02 12:34:31.177][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: x.x.x.x. Username: xxx@yyy.com.
vaultwarden-1  | [2025-09-02 12:34:31.178][response][INFO] (login) POST /identity/connect/token => 400 Bad Request

Screenshots or Videos

No response

Additional Context

This is now the second time this has happened

Originally created by @skutter-de on GitHub. ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.3 * Web-vault version: v2025.7.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.50.2 * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://********************", "domain_origin": "*****://********************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "push_enabled": true, "push_identity_uri": "https://identity.bitwarden.eu", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.eu", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "******************", "smtp_from_name": "Vaultwarden", "smtp_host": "**************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "******************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.34.3 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy Nginx Proxy Manager v2.12.4 ### Host/Server Operating System Linux ### Operating System Version Red Hat Enterprise Linux 9.6 ### Clients Web Vault, Browser Extension ### Client Version Web 2025.7.0, Firefox Extension 2025.8.1 ### Steps To Reproduce One user on my server cannot login with the correct master password. We are both 100% sure it's correct, since it was written on a recovery sheet and saved in my vault as a fallback. Login was also tested at setup with the copy of the password in my vault and on the recovery sheet, as well as now. no server settings were modified since the creation of that account ### Expected Result Successful login ### Actual Result Login does not work on. The vault on the already logged in iOS app can still be unlocked with that password. ### Logs ```text vaultwarden-1 | [2025-09-02 12:34:28.883][request][INFO] GET /api/devices/knowndevice vaultwarden-1 | [2025-09-02 12:34:28.884][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK vaultwarden-1 | [2025-09-02 12:34:30.333][request][INFO] POST /identity/accounts/prelogin vaultwarden-1 | [2025-09-02 12:34:30.334][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK vaultwarden-1 | [2025-09-02 12:34:30.452][request][INFO] POST /identity/connect/token vaultwarden-1 | [2025-09-02 12:34:31.177][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: x.x.x.x. Username: xxx@yyy.com. vaultwarden-1 | [2025-09-02 12:34:31.178][response][INFO] (login) POST /identity/connect/token => 400 Bad Request ``` ### Screenshots or Videos _No response_ ### Additional Context This is now the second time this has happened

OVERLORD added the bug label 2025-10-09 16:10:53 +03:00

OVERLORD closed this issue

2025-10-09 16:10:54 +03:00

OVERLORD commented

2025-10-09 16:10:56 +03:00

@BlackDex commented on GitHub:

Passwords do not change by them self, and also not automatically by the server.

Either someway the database gets corrupted and for some reason only that user is affected, but that would be strange. Or, someone tried the org recovery/emergency contact procedure and changed the password.

There is nothing we can do here, since there is no process which changes the password anywhere in the code that isn't started by someone.

I would suggest to check the logs and see if you can find anything between the last successful login and the point it failed.

@BlackDex commented on GitHub: Passwords do not change by them self, and also not automatically by the server. Either someway the database gets corrupted and for some reason only that user is affected, but that would be strange. Or, someone tried the org recovery/emergency contact procedure and changed the password. There is nothing we can do here, since there is no process which changes the password anywhere in the code that isn't started by someone. I would suggest to check the logs and see if you can find anything between the last successful login and the point it failed.

OVERLORD referenced this issue

2025-10-09 18:32:34 +03:00

[PR #22] [MERGED] Implement deleting collections #3915

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#22