Identities not protected when Master password re-prompt is enabled

d3athrow commented 1 month ago

Steps To Reproduce

go to identity
either select an identity that has Master password re-prompt enabled or create a new one and check that box
access the desired identity
view entire saved identity information

Expected Result

Master password is required to view the sensitive information inside the identity

Actual Result

You can view the entire saved identity information and the master password is only required for autofill, cloning, or editing

Screenshots or Videos

No response

Additional Context

Desktop app and android app is also affected however Master password re-prompt functions properly for the web version of bitwarden when accessing an identity.

Operating System

Windows

Operating System Version

No response

Web Browser

Chrome

Browser Version

No response

Build Version

2024.4.2

Issue Tracking Info

[X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

sammbw commented 1 month ago

Hi there,

Thank you for your report!

I was able to reproduce this issue, and I have flagged this to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thanks once again!

bwbug commented 4 weeks ago

@d3athrow @sammbw This is a duplicate of #9373.

Also, this is not a bug — the feature is behaving as designed.

You can vote for this as a Feature Request on the Community Forum, in the following thread:

https://community.bitwarden.com/t/require-re-prompt-for-entire-item-view-edit-etc/31737

bitwarden / clients