bitwarden / clients

Bitwarden client apps (web, browser extension, desktop, and cli).
https://bitwarden.com

Web vault reports - False negatives #7444

Open Voyage7082 opened 10 months ago

Voyage7082 commented 10 months ago

Steps To Reproduce

  1. From the reports page of the web vault (https://vault.bitwarden.com/#/reports) in the user's browser, right-click on any report and open that report in a new tab.
  2. The user will likely be prompted to re-login with their username and master password.
  3. Upon re-logging in (as required), the report will appear to run and report back that no issues have been found (e.g. "GOOD NEWS: No items in your vault have passwords that have been exposed in known data breaches.").

Expected Result

When running a report from the Reports page of the Bitwarden web vault, the relevant report will run and provide results.

Actual Result

Possible false negative in certain scenarios.

When running a report from the Reports page of the Bitwarden web vault and the user opens the report in a new tab/window of their browser, the report will provide "Good News" and state that there are no adverse findings of the report in all cases.

When opening the same report in the same tab/window from the Reports page, the report will run properly.

Screenshots or Videos

(Three screenshots attached in the original issue.)

Additional Context

Likely Scenario: A user wants to run multiple reports and does so by opening each in a new tab from the Reports page of the web vault. The user may then be provided with false negative reports.

Issue History: First tested/reported in July 2023 in #5782 but my account was flagged at the time of posting so the Issue was not visible publicly. The issue persists as at 4 January 2024 in web-vault version 2023.12.0.

Operating System

Windows, macOS

Operating System Version

No response

Web Browser

Chrome, Safari, Microsoft Edge, Firefox

Browser Version

No response

Build Version

2023.12.0

Issue Tracking Info

sammbw commented 9 months ago

Hi there,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!