change user mail address or reset password in admin portal #371

New Issue

Closed

opened 2025-10-09 16:25:37 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2025-10-09 16:25:37 +03:00

Owner

Copy Link

Originally created by @burghy86 on GitHub.

Vaultwarden Support String

Server Installed Ok
1.32.0
Server Latest
1.32.0
Web Installed
2024.6.2b
Database
SQLite: 3.46.0

Checks

OS/Arch
linux / x86_64
Running within a container
Yes (Base: Debian)
Environment settings overridden
Yes
Uses a reverse proxy
Yes
IP header Match
Config/Server: X-Real-IP
Internet access Ok
Yes
Internet access via a proxy
No
DNS (github.com) Ok
140.82.121.4
Date & Time (Local)
Server: 2024-09-25 10:46:10 +00:00
Date & Time (UTC) Server/Browser Ok Server NTP Ok Browser NTP Ok
NTP: 2024-09-25 10:46:10 UTC Server: 2024-09-25 10:46:10 UTC Browser: 2024-09-25 10:46:16 UTC

Vaultwarden Build Version

1.32.0

Deployment method

Official Container Image

Custom deployment method

I have a Vaultwarden instance with 10 registered users. One of the users signed up using an email address from their old company. As an admin, I can't find a way to change the user's email address. If the user has forgotten their password, they won't be able to reset their account, as the reset email would go to the old, inaccessible address.

Is there a way for an admin to update a user's email? If not, are there any recommended solutions to resolve this issue?

Thank you for your help!

Reverse Proxy

nginix

Host/Server Operating System

Linux

Operating System Version

synology

Clients

Web Vault

Client Version

chrome

Steps To Reproduce

in user config i can only delete o disable user but not reset password o change mail

Expected Result

.

Actual Result

.

Logs

No response

Screenshots or Videos

No response

Additional Context

No response

Originally created by @burghy86 on GitHub. ### Vaultwarden Support String Server Installed Ok 1.32.0 Server Latest 1.32.0 Web Installed 2024.6.2b Database SQLite: 3.46.0 Checks OS/Arch linux / x86_64 Running within a container Yes (Base: Debian) Environment settings overridden Yes Uses a reverse proxy Yes IP header Match Config/Server: X-Real-IP Internet access Ok Yes Internet access via a proxy No DNS (github.com) Ok 140.82.121.4 Date & Time (Local) Server: 2024-09-25 10:46:10 +00:00 Date & Time (UTC) Server/Browser Ok Server NTP Ok Browser NTP Ok NTP: 2024-09-25 10:46:10 UTC Server: 2024-09-25 10:46:10 UTC Browser: 2024-09-25 10:46:16 UTC ### Vaultwarden Build Version 1.32.0 ### Deployment method Official Container Image ### Custom deployment method I have a Vaultwarden instance with 10 registered users. One of the users signed up using an email address from their old company. As an admin, I can't find a way to change the user's email address. If the user has forgotten their password, they won't be able to reset their account, as the reset email would go to the old, inaccessible address. Is there a way for an admin to update a user's email? If not, are there any recommended solutions to resolve this issue? Thank you for your help! ### Reverse Proxy nginix ### Host/Server Operating System Linux ### Operating System Version synology ### Clients Web Vault ### Client Version chrome ### Steps To Reproduce in user config i can only delete o disable user but not reset password o change mail ### Expected Result . ### Actual Result . ### Logs _No response_ ### Screenshots or Videos _No response_ ### Additional Context _No response_

OVERLORD added the bug label 2025-10-09 16:25:37 +03:00

OVERLORD closed this issue 2025-10-09 16:25:38 +03:00

OVERLORD commented 2025-10-09 16:25:40 +03:00

Author

Owner

Copy Link

@stefan0xC commented on GitHub:

This is not possible as far as I know because it's used as salt to derive the master key.

The user can change their own email address without any access to the old email address required. And if you want to be able to change your users passwords you should let them join an organization with the account recovery policy automatically enabled.

@stefan0xC commented on GitHub: This is not possible as far as I know because [it's used as salt to derive the master key](https://bitwarden.com/help/bitwarden-security-white-paper/#account-creation). The user can change their own email address without any access to the old email address required. And if you want to be able to change your users passwords you should let them join an organization [with the account recovery policy automatically enabled](https://bitwarden.com/help/policies/#account-recovery-administration).

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#371