I have very, very weird fields in the login UI, hacking attempt?!

Hi everybody,

I really need your help to understand what happened.

Today I found this in the main UI.

Service restarted, cache cleared, tested on 2 browsers → same.

I just upgraded to the vaultwarden-1.29.1 today → same.

I don’t know if it’s a coincidence, but I noticed the problem just after hardening my https / headers configuration with the help of Mozilla Observatory and SSL Lab …

Service is running in a FreeBSD jail behind an https reverse proxy ranked A+ on Mozilla and SSL Lab test …

It looks like an attempted hack or something, or a side effect of the http headers I changed … no? Otherwise, how could simply changing the http header add html / js to the page??

:hot_face:

You added some security headers which block the correct workings of the Bitwarden web-vault.
Remove those custom headers and let Vaultwarden handle those, and you will be fine.

So, remove those custom headers, disable ModSecurity (or configure it so that it doesn’t replace headers).


Many thanks for your help, it was indeed due to a problem with “too much” https header in the nginx.

Removing the Content-Security-Policy header option on nginx fixed the issue.

No hacking at all :slight_smile:
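
As an added example (not part of the thread and not Vaultwarden's own code): a small Python check that compares the headers a backend sends with what arrives through the reverse proxy, to spot a proxy-level Content-Security-Policy like the one removed above. The function names and all header values are constructed for illustration and are not Vaultwarden's real policy.

```python
# Added example: diff security headers, backend vs. proxy. Sample values are constructed.
SECURITY_HEADERS = (
    "content-security-policy", "permissions-policy", "referrer-policy",
    "strict-transport-security", "x-content-type-options", "x-frame-options",
)

def parse_headers(raw):
    """Return {lowercased name: [values]}, keeping repeated header lines."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def proxy_header_changes(backend_raw, proxied_raw):
    """Return (header, finding) pairs for security headers the proxy changed."""
    backend, proxied = parse_headers(backend_raw), parse_headers(proxied_raw)
    findings = []
    for name in SECURITY_HEADERS:
        b, p = backend.get(name, []), proxied.get(name, [])
        if b == p:
            continue
        if not b:
            findings.append((name, "added by proxy"))
        elif not p:
            findings.append((name, "stripped by proxy"))
        elif len(p) > len(b) and all(v in p for v in b):
            # Browsers enforce every CSP received, so an extra one only tightens.
            findings.append((name, "duplicated by proxy"))
        else:
            findings.append((name, "replaced by proxy"))
    return findings

# Constructed responses: direct from the backend vs. through the proxy.
BACKEND = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'
X-Frame-Options: SAMEORIGIN
"""
PROXIED = """HTTP/1.1 200 OK
Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'
Content-Security-Policy: default-src 'none'
Strict-Transport-Security: max-age=63072000
X-Frame-Options: DENY
"""

if __name__ == "__main__":
    print(proxy_header_changes(BACKEND, PROXIED))
```

A Strict-Transport-Security header added at the proxy is expected when TLS terminates there; the duplicated or replaced Content-Security-Policy is the finding to follow up on.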