Invalid Master Password w/Windows Desktop Client 1.25 & latest docker image #2554

New Issue

MrUnknownDE · 2026-04-06T03:47:39+02:00

MrUnknownDE commented

2026-04-06 03:47:39 +02:00

Originally created by @ScottSturdivant on 3/16/2021

Subject of the issue

Recently my Windows Bitwarden client prompted me to apply an update to which I happily obliged. After restarting the client (and later the entire machine), I'm being met with an "Invalid Master Password" error on the client. I have been able to copy / paste the password into the following other environments successfully:

Google chrome bitwarden extension
Google chrome web vault
Firefox web vault
Bitwarden Windows 1.24.6 desktop client

Deployment environment

Your environment (Generated via diagnostics page)

Bitwarden_rs version: v1.19.0
Web-vault version: v2.18.1
Running within Docker: true
Internet access: true
Uses a proxy: false
DNS Check: true
Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Database type: SQLite
Clients used:
Reverse proxy and version:
Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.****.***",
  "domain_origin": "*****://*****.****.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*****.**********@*****.***",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*****.**********@*****.***",
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Clients used: Web vault via chrome & firefox, bitwarden extension for Chrome, Windows 1.24.6 client

Steps to reproduce

Hopefully it's as simple as upgrading your Windows 1.24.6 client to the latest version (1.25) and then attempting to log in.

Expected behaviour

I'd expect that since my password works in all the other clients, that it also work with Windows Desktop 1.25. That's the dream anyway.

Actual behaviour

The client displays an error: "Invalid Master Password", though I can paste the exact same password into the web vault where it grants access successfully.

Troubleshooting data

The logs from the docker image don't contain much - if there's a way to enable more verbose logging please let me know and I'd be happy to update with that information. As it is, here are the entries for the failing login attempt:

[2021-03-13 14:27:58.519][request][INFO] POST /api/accounts/verify-password
[2021-03-13 14:27:58.670][bitwarden_rs::api::core::accounts][ERROR] Invalid password
[2021-03-13 14:27:58.672][response][INFO] POST /api/accounts/verify-password (verify_password) => 400 Bad Request

*Originally created by @ScottSturdivant on 3/16/2021* ### Subject of the issue Recently my Windows Bitwarden client prompted me to apply an update to which I happily obliged. After restarting the client (and later the entire machine), I'm being met with an "Invalid Master Password" error on the client. I have been able to copy / paste the password into the following other environments successfully: * Google chrome bitwarden extension * Google chrome web vault * Firefox web vault * Bitwarden Windows 1.24.6 desktop client ### Deployment environment ### Your environment (Generated via diagnostics page) * Bitwarden_rs version: v1.19.0 * Web-vault version: v2.18.1 * Running within Docker: true * Internet access: true * Uses a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****.****.***", "domain_origin": "*****://*****.****.***", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Bitwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "*****.**********@*****.***", "smtp_from_name": "Bitwarden", "smtp_host": "****.*****.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*****.**********@*****.***", "templates_folder": "data/templates", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` * Clients used: Web vault via chrome & firefox, bitwarden extension for Chrome, Windows 1.24.6 client ### Steps to reproduce Hopefully it's as simple as upgrading your Windows 1.24.6 client to the latest version (1.25) and then attempting to log in. ### Expected behaviour I'd expect that since my password works in all the other clients, that it also work with Windows Desktop 1.25. That's the dream anyway. ### Actual behaviour The client displays an error: "Invalid Master Password", though I can paste the exact same password into the web vault where it grants access successfully. ### Troubleshooting data The logs from the docker image don't contain much - if there's a way to enable more verbose logging please let me know and I'd be happy to update with that information. As it is, here are the entries for the failing login attempt: ``` [2021-03-13 14:27:58.519][request][INFO] POST /api/accounts/verify-password [2021-03-13 14:27:58.670][bitwarden_rs::api::core::accounts][ERROR] Invalid password [2021-03-13 14:27:58.672][response][INFO] POST /api/accounts/verify-password (verify_password) => 400 Bad Request ```

MrUnknownDE closed this issue

2026-04-06 03:47:39 +02:00

MrUnknownDE added the good first issue good first issue good first issue good first issue good first issue good first issue good first issue good first issue good first issue good first issue labels 2026-04-06 03:47:41 +02:00

Sign in to join this conversation.

No Label good first issue good first issue good first issue good first issue good first issue good first issue good first issue good first issue good first issue good first issue

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#2554