bitwardentools
bitwardentools copied to clipboard
corpusops
Editing login with passkey invalidates date in passkey (or elsewhere in item) and makes login non-editable.
Thanks for this tool - I have used it to automate updating http:// to https:// (I will upload python script and link back to this repository), but where there is a passkey saved on the login, the resulting vault item remains useable, but not editable.
This has been tested against vaultwarden 1.30.1 (https://github.com/dani-garcia/vaultwarden/releases/tag/1.30.1) using server version 2023.12.1 browser plug in, vaultwarden web Version 2023.10.0, and Bitwarden windows client 2023.12.0 against the latest vaultwarden server version which is 2023.9.1.
I don't have a bitwarden subscription to test against, but I'm happy to set one up to test if this also occurs against bitwarden.
A visual inspection of the passkey component of the login via vscode debugging shows no obvious difference between the working and non-working versions. Partially redacted versions are included below.
The error displayed is: An error has occurred. Invalid time value
It is apparent that it is the passkey that has the invalid time value as the field that displays the passkey normally displays the create date of the passkey. Instead it is variously blank (vaultwarden web application) or just shows Created (browser plugin, windows app).
Grabbing the fido2Credentials from the login in the cipher before and after the update that makes the passkey creation date apparently invalid shows the following:
In each case, I've redacted credentialId, keyValue, userDisplayName, userHandle, and UserName, and single quotes with double quotes, and None is quoted, for better display on github.
All other items are as copied.
{
"counter": "0",
"creationDate": "2023-12-21T23:22:09.074Z",
"credentialId": "guid-ending-in-ef19",
"discoverable": "true",
"keyAlgorithm": "ECDSA",
"keyCurve": "P-256",
"keyType": "public-key",
"keyValue": "MIGHA-I've-checked-it's-the-same-OZNTAd7",
"response": "None",
"rpId": "amazon.com", "rpName": "Amazon",
"userDisplayName": "BJReplay",
"userHandle": "again-its-the-same",
"userName": "[email protected]"
}
{
"counter": "0",
"creationDate": "2023-12-21T23:22:09.074Z",
"credentialId": "guid-ending-in-ef19",
"discoverable": "true", "keyAlgorithm": "ECDSA",
"keyCurve": "P-256",
"keyType": "public-key",
"keyValue": "MIGHA-I've-checked-it's-the-same-OZNTAd7",
"response": "None",
"rpId": "amazon.com",
"rpName": "Amazon",
"userDisplayName": "BJReplay",
"userHandle": "again-its-the-same",
"userName": "[email protected]"
}
Saving a new passkey over the top works, and makes the item editable again.
vaultwarden docker logs don't report any errors while attempting to edit / save the corrupted items.
