bitwarden / android

Bitwarden mobile app for Android.
https://bitwarden.com
GNU General Public License v3.0

Android: Potential security issue: Trying to connect to an unexpected IP #1466

Closed tomturton closed 2 months ago

tomturton commented 3 years ago

Using the Android app v2.11.0.

I am self-hosting VaultWarden. I am trying to access VW on a local network with a domain registered on my local DNS. When trying to connect the Android client to my server (both on the same local network), the request is timing out with the following error:

vaultwarden.mydomain.net/3.223.115.185 (port 443) from 192.168.1.113 (port 43768)
isConnected failed

I am alarmed by the attempted connection to 3.223.115.185 (seems to be an AWS address).

Steps To Reproduce

  1. At Bitwarden client login page, tap the cog to enter settings
  2. Change the Server URL to local domain.
  3. Tap 'Save'
  4. Tap 'Log in'
  5. Enter VaultWarden credentials and tap 'Log in'

Environment

SergeantConfused commented 3 years ago

Hi @tomturton,

  1. What is the IP address of your local bitwarden_rs server?
  2. Is this IP address (3.223.115.185) present in your local configuration? Do you have a DNS record pointing to it?
  3. Where do you see this error message on your Android device, exactly?

Thank you in advance,

tomturton commented 3 years ago

Hi @SergeantConfused

  1. 192.168.1.104
  2. To my knowledge, no. I certainly haven't manually entered that IP anywhere.
  3. In the Bitwarden mobile client, upon trying to log in to my VaultWarden server/account.

vvolkgang commented 2 months ago

Issue migrated to https://github.com/bitwarden/mobile/issues/1466
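
Added example, not part of the original thread and not Bitwarden's code: a parser for the error line quoted in the report, compared against the server address the reporter gave (192.168.1.104). It assumes the text after the slash is the address the device resolved the hostname to, as in the string form of Java's InetAddress; the function names are hypothetical.

```python
import ipaddress
import re
import socket

# Error line exactly as quoted in the report.
SAMPLE = ("vaultwarden.mydomain.net/3.223.115.185 (port 443) "
          "from 192.168.1.113 (port 43768)")

# Assumed layout: <configured host>/<address it resolved to> (port N) from <client> (port N)
ERROR_RE = re.compile(
    r"(?P<host>[^/\s]+)/(?P<resolved>[0-9A-Fa-f:.]+) \(port (?P<port>\d+)\)"
    r" from /?(?P<source>[0-9A-Fa-f:.]+) \(port \d+\)")


def parse_connect_error(line):
    """Return host, resolved address, port and client address, or None."""
    m = ERROR_RE.search(line)
    if m is None:
        return None
    try:
        return {"host": m["host"], "port": int(m["port"]),
                "resolved": ipaddress.ip_address(m["resolved"]),
                "source": ipaddress.ip_address(m["source"])}
    except ValueError:  # matched the layout but not a valid IP literal
        return None


def assess(line, expected_server):
    """Compare the address in the error with the server address you expect."""
    info = parse_connect_error(line)
    if info is None:
        return ["unparsed"]
    findings = []
    if info["resolved"] != ipaddress.ip_address(expected_server):
        findings.append("resolved-address-mismatch")
    if info["source"].is_private and not info["resolved"].is_private:
        findings.append("private-client-public-destination")
    return findings


def resolve_here(host, port=443):
    """Addresses this machine's resolver returns for host (needs network)."""
    try:
        infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


if __name__ == "__main__":
    print(assess(SAMPLE, "192.168.1.104"))
```

Calling `resolve_here` with the configured hostname on a machine that uses the same DNS server as the phone shows whether that resolver returns the local record or a public one.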