🍒 [PM-27902] Logout user after successful master password reset

[aj-rosado]

🎟️ Tracking

PM-27902
Cherry-picked from #6133

📔 Objective

Fixes a critical security issue where users remained logged in after updating their master password due to policy requirements. This allowed users to immediately access their vault with the new password without re-authentication, bypassing the security intent of forced password resets.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[claude]

Claude finished @aj-rosado's task —— View job

---

PR Review: Master Password Reset Security Fix

This cherry-pick addresses a critical security vulnerability where users remained logged in after forced password resets.

---

Summary

Changes:

• Added LogoutReason.PasswordReset enum value (LogoutReason.kt:69-72)
• Modified resetPassword() to log out users after successful password reset (AuthRepositoryImpl.kt:1041-1043)
• Removed manual forcePasswordResetReason clearing (now handled by logout)
• Added test verification for logout behavior (AuthRepositoryTest.kt:5076-5080)

Security Impact: ✅ Critical security issue resolved - users can no longer bypass forced password reset requirements.

---

Code Review

✅ Architecture Compliance: Follows MVVM patterns, uses Result types correctly, proper DI usage
✅ Security: Addresses critical vulnerability as intended
✅ Testing: Test added to verify logout behavior
✅ Code Style: Follows Kotlin idioms and project conventions

---

Findings

2 findings identified - see inline comments for details:

• ⚠️ Test could explicitly verify LogoutReason type properties (view)
• 💭 Order of operations: password hash stored before logout - is this intentional? (view)

---

Review Complete

This PR successfully addresses the security vulnerability with a clean, minimal implementation. The cherry-pick is appropriate for the release branch and maintains code quality standards.

[claude]

⚠️ Finding 1: Test could be more explicit about verifying the LogoutReason type.

Consider using a matcher to explicitly verify the reason type and properties:

Suggested change

	)
	verify {
	userLogoutManager.logout(
	userId = ACCOUNT_1.profile.userId,
	reason = match { it is LogoutReason.PasswordReset && it.source == null },
	)
	}

This ensures the correct LogoutReason subtype is used and validates its properties.

[claude]

💭 Finding 2: Order of operations - storing password hash before logout.

The current implementation stores the new password hash (lines 1027-1039) before logging out. If logout were interrupted or failed, the user would have the new hash stored but remain logged in.

Is this ordering intentional to guarantee the new password is always persisted? Or should logout happen first to ensure clean state before any storage operations?

[github-actions]

Checkmarx One – Scan Summary & Details – 652e45e5-2f5b-48cc-8a5e-10279e8799a6

New Issues (61)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/verifypassword/VerifyPasswordViewModelTest.kt: 482	details Method Lambda at line 482 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/exportitems/verifypassword/VerifyPasswordViewModelTest.kt s... ID: IUn0FZna%2BZAM%2BAxdO2FiIa44Lds%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 585	details Method Lambda at line 585 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... ID: oAgMGUwO%2FpKLm5sdkAioAHigKU4%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/vaultunlock/VaultUnlockViewModelTest.kt: 792	details Method `on UnlockClick for password unlock should display error dialog on AuthenticationError` at line 792 of /app/src/test/kotlin/com/x8bit/bitw... ID: zOXENDQUlDzYgSTko6ecwKd0P08%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewModelTest.kt: 175	details Method Lambda at line 175 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/deleteaccount/DeleteAccountViewM... ID: Os3EAmRq0an526ooiHhY84syiuo%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 62	details Method Lambda at line 62 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... ID: zpP4URUsKJwywqgn6myv5aY1LAA%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 62	details Method Lambda at line 62 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... ID: iyUEG6gZ5pUJ4ZzI09Y5twZVTog%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 122	details Method createMockLoginView at line 122 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user in... ID: IzVmd%2B%2FKE6PoJVh75onWw0bKV4w%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/model/Fido2CredentialAssertionRequestUtil.kt: 12	details Method createMockFido2CredentialAssertionRequest at line 12 of /app/src/test/kotlin/com/x8bit/bitwarden/data/credentials/model/Fido2CredentialAsser... ID: o1bdP%2BVa0mBOInE2gxCILpa9Eic%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 151	details Method `on ApproveAccountChangeClick dialog state should be cleared, user should be switched, and getAuthRequestByIdFlow should be called` at lin... ID: OFlvxeOmbXPZb6AJJJtTXjLZTa0%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 308	details Method Lambda at line 308 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewM... ID: Fwr3JP6iDxYGyt9%2BFI9cA%2BssBnk%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewModelTest.kt: 377	details Method Lambda at line 377 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/accountsecurity/loginapproval/LoginApprovalViewM... ID: E5Mh8uyn%2BCEdww6PtKoAhkVi9ms%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 446	details Method Lambda at line 446 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... ID: Kh31eRgBXX7jeTFb2UsiUEvFRqc%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 362	details Method Lambda at line 362 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... ID: EWQPVKdE2DCRJM3rJmzgtB2tsVk%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 330	details Method Lambda at line 330 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt se... ID: 9UJxEjls%2FSL0LnvdfegpVCi0e3k%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 675	details Method at line 675 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt sends us... ID: 2j2ioFIJX8fs0Yi1%2B2UhwQj2BFg%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt: 687	details Method at line 687 of /app/src/test/kotlin/com/x8bit/bitwarden/ui/auth/feature/completeregistration/CompleteRegistrationViewModelTest.kt sends us... ID: cqw1qbBldM9R62gXFjjuLdfq%2Bqo%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 75	details Method Lambda at line 75 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... ID: lUwMML5odkwAS3yG%2BZGbfvEgU8U%3D Attack Vector
	Privacy_Violation	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt: 75	details Method Lambda at line 75 of /app/src/test/kotlin/com/x8bit/bitwarden/data/vault/datasource/sdk/model/CipherViewUtil.kt sends user information outs... ID: 0jllJ5E8tg7JxXNgvAICtq6LvdY%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryTest.kt: 828	details The application uses the hard-coded password "mockPassword-1" for authentication purposes, either using it to verify users' identities, or to acc... ID: ObvrsKRy3AaJusdY5WAgdkCoVD0%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/repository/VaultRepositoryTest.kt: 760	details The application uses the hard-coded password "mockPassword-1" for authentication purposes, either using it to verify users' identities, or to acc... ID: bv6pm4wt90mZQM4draa92H%2BFz6w%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultViewModelTest.kt: 3052	details The application uses the hard-coded password "mock_password" for authentication purposes, either using it to verify users' identities, or to acce... ID: 18m1ifc4eRhOLGx8Ja6gRgz1R34%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 816	details The application uses the hard-coded password "test_password" for authentication purposes, either using it to verify users' identities, or to acce... ID: hF9bsk8oPhG6%2F0nqhQxopbQP1D4%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/CipherManagerTest.kt: 2376	details The application uses the hard-coded password "mockId-1" for authentication purposes, either using it to verify users' identities, or to access an... ID: jX1Z1iZVqvWKvmzWntVUgLuQrFI%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/exportvault/ExportVaultViewModelTest.kt: 164	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: 3kWK1X7UI1TgzC1WwP9w3udLFys%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/platform/feature/settings/exportvault/ExportVaultViewModelTest.kt: 138	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: Phbjk2%2B%2FLBwtvSGzmPL9FIGG7Jg%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultViewModelTest.kt: 2024	details The application uses the hard-coded password "mockPassword-1" for authentication purposes, either using it to verify users' identities, or to acc... ID: 7RgcpxCeS4MpTQ5%2F%2Bc5eWV6c1bo%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/CipherManagerTest.kt: 670	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: oPKhHT4UTCshqkNLUVsXjTGh6n8%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/CipherManagerTest.kt: 655	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: XVPAKed6azyTaHCO7VIs0MzrlhM%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/vault/manager/CipherManagerTest.kt: 634	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: 7fYD6wOjTUb0TPfSJblaaH%2FLhoQ%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 157	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: su6uZI6%2BLFB%2BcuBxXaqFbKwzdGU%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 171	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: WbylcZvKJoGDZut4f2mjzE4E9IY%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 98	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: gTMZbMyucNaHlyUT40ECJmgBbWw%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 145	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: QmRdvfMzVeC%2Bp1pdrpaZOlOtFNA%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 66	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: h%2BQVuQ5D%2BTflVfwJaiz9%2BnYpbYk%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 85	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: 6Ur7Hi1jOo4nsFHmiK%2BA65oBJ8I%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/manager/sdk/repository/SdkCipherRepositoryTest.kt: 53	details The application uses the hard-coded password "cipherId" for authentication purposes, either using it to verify users' identities, or to access ano... ID: I%2Be6RMFDtIxZxxWS8wGKXwiJgC4%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/attachments/AttachmentsViewModelTest.kt: 485	details The application uses the hard-coded password "mockId-1" for authentication purposes, either using it to verify users' identities, or to access an... ID: xGGSVO6xWAwZ5bMJ2xB7Yg52dpg%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModelTest.kt: 4591	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: jB1AFdhuJ462GW6CtECSbrit%2Fi0%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModelTest.kt: 4623	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: 2AHcSjhDVXkXxfKNwieuAiJLi6c%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModelTest.kt: 4530	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: QMexJ86O8F%2Fzo4rgEM9q2kIdgoE%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/itemlisting/VaultItemListingViewModelTest.kt: 4561	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: kc7tA6khqqqKvPtM%2BPKgpGc2FYg%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1630	details The application uses the hard-coded password "password1234" for authentication purposes, either using it to verify users' identities, or to access... ID: t3ccrMmQjMxaGphiQlNJmjuTcEg%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1372	details The application uses the hard-coded password "12345" for authentication purposes, either using it to verify users' identities, or to access anothe... ID: c4M6Q8%2FJcq6S1GA3my09X7ZZKtY%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1300	details The application uses the hard-coded password "12345" for authentication purposes, either using it to verify users' identities, or to access anothe... ID: q8LYUJCLVaAFbTDPWU90qr1QZfY%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1371	details The application uses the hard-coded password "password1234" for authentication purposes, either using it to verify users' identities, or to access... ID: tjP3Sb4H6H%2BiPB8aRG%2B%2F7PPb6Bk%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1631	details The application uses the hard-coded password "12345" for authentication purposes, either using it to verify users' identities, or to access anothe... ID: vdnZULrftXtJmFk4IcQOH3gjvfI%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1560	details The application uses the hard-coded password "12345" for authentication purposes, either using it to verify users' identities, or to access anothe... ID: fJb4zuKtZuCTDXJ%2BVEYnYXY5FSc%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultViewModelTest.kt: 2352	details The application uses the hard-coded password "cipherId-9876" for authentication purposes, either using it to verify users' identities, or to acce... ID: KwFopyyG4jVc2uQt12skoLNgOc8%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1760	details The application uses the hard-coded password "password1234" for authentication purposes, either using it to verify users' identities, or to access... ID: D6V5M3NlbZxF6NZHgA6%2FOKGWNnU%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/vault/VaultScreenTest.kt: 1240	details The application uses the hard-coded password "password1234" for authentication purposes, either using it to verify users' identities, or to access... ID: %2BPdTIx3d1doNUOnIMhg6YS2b76E%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/verificationcode/VerificationCodeViewModelTest.kt: 170	details The application uses the hard-coded password "password_1234" for authentication purposes, either using it to verify users' identities, or to acce... ID: mHtI3X%2FnlR%2Fwiaxq4J3NE2A8TqM%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/verificationcode/VerificationCodeViewModelTest.kt: 199	details The application uses the hard-coded password "cipher_id" for authentication purposes, either using it to verify users' identities, or to access a... ID: rt4F9BUeuluU%2FLyIAA44bDYnA6E%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/verificationcode/VerificationCodeViewModelTest.kt: 140	details The application uses the hard-coded password "password_1234" for authentication purposes, either using it to verify users' identities, or to acce... ID: uidd1Mdy74G95nuc8V0oWhGaFBk%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/ui/vault/feature/verificationcode/VerificationCodeViewModelTest.kt: 198	details The application uses the hard-coded password "password_1234" for authentication purposes, either using it to verify users' identities, or to acce... ID: jCsrX%2FS3lmDHVdz7IKm9kB2A2Ng%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 400	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: xgDdXJSK7bNlUESDjvzQlBG0B5c%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 494	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: %2FqCziQCVfHMgH7QR7lOr1GalY7I%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 316	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: 0jk%2FXE7OWlk9e5J0lG%2FcJoZG4jk%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 421	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: mNIDqKUaDdJC2qST%2B%2BjdzGe9VSg%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 445	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: SC4SQma5FQ9L6YVsew7Kcb5qdd0%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 545	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: 5apJGgXz7uuuqaK5dl4p%2Fn6AULA%3D Attack Vector
	Use_of_Hardcoded_Password	/app/src/test/kotlin/com/x8bit/bitwarden/data/platform/datasource/network/ssl/CertificateManagerTest.kt: 272	details The application uses the hard-coded password "password" for authentication purposes, either using it to verify users' identities, or to access ano... ID: j8tSM6n913Gt9DCbTLSy3qZm3AI%3D Attack Vector

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (release/2025.10-rc38@317fd37). Learn more about missing BASE report.

Additional details and impacted files

@@                   Coverage Diff                   @@
##             release/2025.10-rc38    #6137   +/-   ##
=======================================================
  Coverage                        ?   84.82%           
=======================================================
  Files                           ?      721           
  Lines                           ?    52825           
  Branches                        ?     7667           
=======================================================
  Hits                            ?    44809           
  Misses                          ?     5328           
  Partials                        ?     2688           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[aj-rosado]

thanks @SaintPatrck and @david-livefront