bitwarden / android

Bitwarden mobile app for Android.
https://bitwarden.com
GNU General Public License v3.0

Possible security issue on Bitwarden APP #2255

Closed Frankjaro closed 2 months ago

Frankjaro commented 1 year ago

Steps To Reproduce

Smartphone used: S22 plus
Last OS and security patches installed
Unlock method used to unlock the phone and Bitwarden: biometric authentication

Steps:

A) Set the "vault timeout" options as LOCK and IMMEDIATELY
1) Open Secure Note
2) Create a new secure note
3) I named the secure note TEST and saved it
4) I opened the test note
5) I clicked on Modify
6) I clicked the 3 dots on the upper right side of the note and clicked: Attachments
7) A warning tells that you need to be a premium user
8) Click OK on the warning window
9) Click the "Select a file" option
10) A pop-up window opens up and I selected the FILE icon
11) I chose a PDF file
12) Click the Save button on the upper right side of the phone.
13) Pop-up message: "ERROR. You must be a premium user" pops up
14) Click OK
15) Now just exit Bitwarden by clicking the Android button on the screen to put the app in the background.
16) Reopen the app by picking it among the apps in the background

Expected Result

If I try to reopen the app by picking it among the apps in the background, it should be locked according to step A

Actual Result

When I reopen the app, it is unlocked on the screen I left, waiting for me to upload a file, thus failing the setting in step A.

This behaviour also happens occasionally if I open a "login" file and click on modify. If I "exit" the app (while the Login file is on "modify") by parking it in the background and reopen it, sometimes it is not locked.

Screenshots or Videos

No response

Additional Context

No response

Operating System

Android

Operating System Version

Android 13

Web Browser

Chrome

Browser Version

I am not talking about the browser but the Bitwarden app itself!!!

Build Version

I am not talking about the browser but the Bitwarden app itself!!!

Issue Tracking Info

cksapp commented 1 year ago

Can confirm this also happens with notes, logins, etc when attempting to add an attachment.

After selecting "Choose File" to upload an attachment, the app fails to honour the Vault timeout setting of Immediately, even when swiping the app away from background tasks. Reopening the Bitwarden app leads to still being unlocked, though it seems shortly after relaunching it requires authentication again.

mhombach commented 1 year ago

This is a security risk which has now been open for more than 4 months, can someone have a look into this ASAP?

mpbw2 commented 1 year ago

Re-opening as we're not seeing consistent results with the fix

vvolkgang commented 2 months ago

Issue migrated to https://github.com/bitwarden/mobile/issues/2255