KDF values shown wrong in webvault, also warning popup is wrong (2 problems) #869

Closed
opened 2026-04-06 00:14:31 +02:00 by MrUnknownDE · 0 comments
Owner

Originally created by @rdslw on 10/19/2024

Vaultwarden Build Version

v1.32.2

Deployment method

Other method

Custom deployment method

personalized docker container

Reverse Proxy

none

Host/Server Operating System

Linux

Clients

Web Vault

Client Version

firefox 131.0.3

Steps To Reproduce

  1. change KDF to non default, and i.e. 700007 while being on 1.2* version
  2. update container to 1.32.* from below and restart
  3. login, see first bug: brown popup saying: "Low KDF iterations. Increase your iterations to improve the security of your account. Change KDF settings "
  4. go to 'change KDF setting' panel, and see '100000', (see sqlite verification)
  5. while being at panel, change type to argon, do not change anything
  6. change back to PBKDF2, and see '600000' -> second bug as I did not change anything, just switched tabs.

Expected Result

  1. no popup
  2. proper KDF 700007
  3. no change in KDF displayed upon switching KDF types back & forth

Actual Result

sqlite> select email,password_iterations from users;
x1@x1|100000
x2@x2|700007
x3@x3|700007

Above steps used login x2.
Login x3 also shows bug no 2 (wrong value upon type switching), while there was popup, but was dismissed and does not appear again, ALTHOUGH kdf was not changed.

I'm not sure in which version it happens.

Logs

No response

Screenshots or Videos

No response

Additional Context

No response

Reference: github/vaultwarden#869