
cancelling fingerprint prompt simply logs you in (device/os specific)

Open hermione3690 opened this issue 3 years ago • 0 comments

Steps To Reproduce

  1. open bitwarden
  2. get biometrics prompt
  3. click cancel
  4. biometrics does not give option for backup pin or pattern
  5. you are logged in

Expected Result

Canceling the biometrics should offer you the option to use your PIN or pattern. It should not log you in if you cancel.

Actual Result

Canceling the fingerprint, I do not get a backup option of PIN or pattern, the fingerprint overlay disappears, and I am suddenly logged in.

Screenshots or Videos

Screenshot_2022-09-07-14-31-01-55_fc704e6b13c4fb26bf5e411f75da84f2 Screenshot_2022-09-07-14-30-56-56_fc704e6b13c4fb26bf5e411f75da84f2

Additional Context

I am a software developer working on our own app with biometrics. We noticed that only on my phone, I can cancel the biometrics and not get a backup option. Even weirder: the biometrics library we use returns success on a biometrics cancel action.

As soon as we got these test results, I started looking at other apps I have on my device, and I noticed I can get into my Bitwarden app by cancelling the biometrics.

As mentioned, this only happens on my phone. My colleagues and I think it is a specific combination of OS (OxygenOS), Android version (12) and security patch (June 5th 2022).

Operating System

Android

Operating System Version

12

Device

oneplus 9

Build Version

security update 5 june 2022

Beta

  • [ ] Using a pre-release version of the application.

hermione3690, Sep 07 '22 12:09