Urgent Help Needed: Unverified User Account Locked Out Due to Non-Functional Email Address

Hello everyone,

I’m facing a critical issue with my self-hosted Vaultwarden server and urgently need your advice or solutions. One of our user accounts, which has been active and functioning for over a year, suddenly cannot log in anymore. The peculiar part of this situation is that this account might never have been verified (it’s unclear if verification ever occurred), but it has been in use without any issues. However, for the past two days, the login process has been denied due to unverified status.

To complicate matters further, the email address associated with this account is no longer functional. The email provider for this account no longer exists, leaving the user unable to receive a verification email or reset the password. This has effectively locked the user out of their account, with no straightforward way to regain access.

As the admin of the Vaultwarden server, I’m looking for a way to resolve this issue. Specifically, I need to either:

  • Change the user’s email address to a new, functional one without requiring them to log in or verify the old email address.
  • Bypass or disable the verification requirement for this specific account, allowing the user to log in and update their email address themselves.

I understand the potential security implications of these actions, but given the circumstances, ensuring the user can access their account is my top priority. I’m open to any suggestions, including direct database manipulation if necessary (with due caution and backups, of course).

Has anyone encountered a similar issue, or does anyone have experience with managing such situations in Vaultwarden? Any guidance, scripts, or step-by-step instructions would be greatly appreciated.

Thank you in advance for your help and support.

Mike

Just to be clear: The issue is that the user cannot log in because of SIGNUPS_VERIFY=true? Or did you enable REQUIRE_DEVICE_EMAIL=true? If the latter, you should disable the option so the user can log in and change their mail. If the former, I’d disable signups altogether (in case you did not already do that) and set the option to false so the user can log in and change their mail.

If it’s caused by something else (i.e. neither of these options), I’d ask for more information like the generated support string (from the /admin panel) and logs from when the user in question failed to log in.

The guidance on these two variables has been incredibly valuable, directing me towards the right path.
I wanted to thank you for the assistance.

Finding specific documentation for Vaultwarden has always been a challenge for me, as searches often lead to information about Bitwarden, where the details can differ significantly. This has made navigating the nuances of Vaultwarden somewhat tricky.

The variables in question, REQUIRE_DEVICE_EMAIL and SIGNUPS_VERIFY, were both set to true in my config.json.