I’ve successfully installed and setup Vaultwarden using Docker.
I’ve enabled SSL and the admin token/page and everything appears to be running well.
However, when trying to add the first account online, I found that the “submit” button didn’t do anything after completing all of the fields. This was the same with multiple browsers.
I overcame this minor inconvenience by using the Bitwarden app to sign up for an account. It’s not perfect, but it’s enough to get myself and my family using Vaultwarden.
Just now, I decided to change my master password but after completing all of the required fields, I found that the “submit” button doesn’t work. There’s no error messages and all other functionality seems to work; I can add secure notes, login details and sends etc with no problem.
Not being able to change a user’s master password is obviously quite a big issue.
I’ve searched online and have found people with issues creating an account, but this is usually the result of SSL not being enabled. Again, I’ve set up certificates and have SSL successfully set up, so this can’t be the issue.
Can anyone shed any light on this at all? I can’t continue using Vaultwarden if users can’t change their master passwords.
The only way to change a user’s password right now is for that user to add an emergency contact with full access permissions and get them to initiate a password change. This is far from ideal but as of yet, there’s absolutely no sign of a resolution for this issue.
Does the browser console say anything? Because it sounds to me like there’s an issue with your setup (maybe some scripts are being blocked from running?).
Generally, I’d also recommend checking the /admin/diagnostics page if there are any issues. Can you share the generated support string?
Well, Vaultwarden also implements/supports the account recovery policy but I’d try to fix the issue first before resorting to such drastic measures.
This is the only error from the diagnostics page:
Domain configuration No Match No HTTPS
Also, the issue is present on multiple browsers on both mobile phones and PCs.
However, SSL is enabled and all certificates are correct. Any idea what could be the issue?
I’ve just found that config.json had my url as http. I’ve changed it to https, restarted Vaultwarden and the error on the diagnostics page has gone. However, the issue persists.
I’ve finally found out what the issue is. Frustratingly, it’s not documented and there’s no fix for it (I did find a bug report, which I can’t find again now, but it was closed off).
Registration and password changes are silently failing because I don’t have a HIBP API, and the “check for breaches” (or similar) selection is checked by default. By unchecking this option, registration/password changes work as expected.
It’s a shame that the HIBP aspect can’t be an admin setting and disabled altogether, because I expect a lot of people will experience the same bug.
1 Like
I would be curious if this bug is also present when attempting to change the password within the web vault or similar via the official Bitwarden server without having the globalSettings__hibpApiKey= env variable set.
If so then likely the issue would be in the upstream Bitwarden, otherwise this may be something specific to Vaultwarden.
Regardless thanks for documenting your findings here, hopefully it can help others should they come across the issue in the future as well.
The HIBP password check is free as far as i know.
Only the breach check needs a paid API key