Sharing credentials to an organization might cripple the entry so that it is lost good #3598

New Issue

MrUnknownDE · 2026-04-06T05:02:15+02:00

MrUnknownDE commented

2026-04-06 05:02:15 +02:00

Originally created by @bassarf on 1/15/2019

As the headline describes I unfortunately found a way to cripple entries so that they are lost for good.
When you edit an item without synching after you shared that item on a different devices to an organization, every entry field in this item is filled with "[error: cannot decrypt]" and the item is broken from now on

Steps to reproduce

I used the web vault and the android app

create some test item (it doesn't really matter where)
sync the android app
login to the web vault and share this item to an organization and maybe a collection
without synching the android app open the item and make some edit (e.g. change the name of the item, or the username)
See how your item gets destroyed

I tried the same thing with the bitwarden web vault and at Step 5. instead of the item getting destroyed I get an error popup message saying:

An Error occured
Organization mismatch. Re-sync if you recently shared this item, then try again

and no changes to the item was made.

My guess is that, since organization items are encrypted differently, some check on the server side isn't made here and the app is not stopped and therefore trying something which it shouldn't

Worth mentioning

As you can cripple your items for good, I would categorize this as quite critical. And although it may not be a widespread issue, it is not a hypothetical either. I myself did cripple an item this way :-(
Since you cannot share items inside the app, I opened the web vault on my phone. Shared the item. After I closed the browser I decided to rename the item for better understanding (in the app) which broke it.

While troubleshooting this issue I also found that the web vault does not refresh as often as the original vault. (Having the vault open in a browser and adding an item on the phone, the item does show up without doing a manual refresh on the original server)

*Originally created by @bassarf on 1/15/2019* As the headline describes I unfortunately found a way to cripple entries so that they are lost for good. When you edit an item without synching after you shared that item on a different devices to an organization, every entry field in this item is filled with "[error: cannot decrypt]" and the item is broken from now on ### Steps to reproduce I used the web vault and the android app 1. create some test item (it doesn't really matter where) 1. sync the android app 1. login to the web vault and share this item to an organization and maybe a collection 1. without synching the android app open the item and make some edit (e.g. change the name of the item, or the username) 1. See how your item gets destroyed I tried the same thing with the bitwarden web vault and at Step 5. instead of the item getting destroyed I get an error popup message saying: > An Error occured > Organization mismatch. Re-sync if you recently shared this item, then try again and no changes to the item was made. My guess is that, since organization items are encrypted differently, some check on the server side isn't made here and the app is not stopped and therefore trying something which it shouldn't ### Worth mentioning As you can cripple your items for good, I would categorize this as quite critical. And although it may not be a widespread issue, it is not a hypothetical either. I myself did cripple an item this way :-( Since you cannot share items inside the app, I opened the web vault on my phone. Shared the item. After I closed the browser I decided to rename the item for better understanding (in the app) which broke it. While troubleshooting this issue I also found that the web vault does not refresh as often as the original vault. (Having the vault open in a browser and adding an item on the phone, the item does show up without doing a manual refresh on the original server)

MrUnknownDE closed this issue

2026-04-06 05:02:15 +02:00

Sign in to join this conversation.

No Label bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug bug

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#3598