Possible bugs with multiple passkey logins when logging into https://vault.bitwarden.com/#/login using Edge, which also affects FIDO2/WebAuthn authentication. #9040
Comments
Hi there, I am unable to reproduce this issue; it has been escalated for further investigation. If you have more information that can help us, please add it below. Thanks!
Hi, Thanks for getting back to me. I don't really think I can add anything further than what I have already reported. All I really can say is that currently it is definitely an issue for me. I've been through the above process twice with the same results each time. Perhaps when the issue is escalated, the issue can be reproduced. Thanks again. Regards, Gary
Hi, Just a few further thoughts, although I don't see how these are relevant, but I guess you never know. I have previously also set up Bitwarden with the following: Microsoft Authenticator as an Authenticator app. Cheers.
I'm having a little trouble following the replication steps, but it occurs to me that perhaps this is just another instance of this issue presenting itself.
Thanks for getting back to me. I agree the issue seems to be with Windows 10/Hello/Passkeys only. Since I reported the issue, I pretty much haven't used passkeys to log in to the Bitwarden Web Vault. Simply using Master Password/WebAuthn. As the issue doesn't appear to be a "show-stopper", I'm quite happy not using passkeys at the moment (although I'd obviously prefer to). Knowing the issue is in the pipeline to be investigated at some future point is fine with me. All the best m8.
Hello @reachnet2, I wanted to confirm that what you reported in this thread is the same as what's reported in #9049? If so, I'd like to close this thread in order to consolidate this matter into a single GitHub report. Thank you in advance,
Many thanks for the response. Totally agree. I'll close this thread with comment. Cheers. :)
Steps To Reproduce
This issue may affect other browsers - haven't tested.
Make sure you have previously saved at least one YubiKey OTP Key to a YubiKey before proceeding with the steps below, otherwise you may get completely locked out of the Vault.
Steps to reproduce.
No encryption on Vault.
FIDO2/WebAuthn keys previously created for both devices mentioned below.
Log in to https://vault.bitwarden.com/#/login (in my case using Edge) using FIDO2/WebAuthn previously set up for the device (in my case Windows 11 Pro).
Create a login passkey for the currently logged in device.
Log out.
Log in again with the passkey. All going well, login should be ok.
Log out.
Log in to https://vault.bitwarden.com/#/login (in my case using Edge) using FIDO2/WebAuthn previously set up for the device (in my case Windows 10 Home).
Create a 2nd login passkey for the currently logged in device.
Log out.
Try logging in again with the login passkey on the 2nd device using passkey. Fails with Invalid Passkey.
Try logging in again with the login passkey on the 2nd device using Master Password/FIDO2 WebAuthn. Enter local Windows Hello PIN. Windows prompts for Security Key (no option presented for FIDO2/WebAuthn authentication).
Try logging in again with the login Master Password/Passkey on the 1st device using passkey. Succeeds.
Try logging in again using Master Password/FIDO2 WebAuthn on the 1st device - the option to enter the local Windows Hello PIN for the passkey isn't displayed, only the options to use the passkey from iPhone, iPad or Android Device or Security Key.
I appreciate Vault based Web login using passkeys is currently in beta and therefore a work in progress. For the moment I've decided not to use passkey Web Vault logins and just use Master Password/FIDO2 WebAuthn instead.
Steps taken to revert back to previously working state.
Log in to https://vault.bitwarden.com/#/login on the 1st device and choose the security key option when prompted. Login should succeed.
Delete both passkeys for both devices previously created.
Remove both FIDO2/WebAuthn keys for both devices previously created and recreate key for the 1st device, log out.
Log in to https://vault.bitwarden.com/#/login on the 2nd device using the security key when prompted. Login should succeed.
Recreate the FIDO2/WebAuthn key for the 2nd device.
All going well, we should now be back at the previously working state.
Hope that helps.
Expected Result
https://vault.bitwarden.com/#/login passkey logins should work for multiple devices. At present they don't seem to.
Actual Result
https://vault.bitwarden.com/#/login passkey logins/FIDO2/WebAuthn fails for multiple devices.
Screenshots or Videos
No response
Additional Context
Both PCs fully updated. Edge fully updated on both PCs - Version 124.0.2478.80.
Operating System
Windows
Operating System Version
both Windows 10 Home/Windows 11 Pro
Web Browser
Microsoft Edge
Browser Version
Version 124.0.2478.80
Build Version
(Official build) (64-bit)
Issue Tracking Info