bitwarden / mobile

Retired Bitwarden mobile app for iOS and Android (MAUI/Xamarin).
https://bitwarden.com
GNU General Public License v3.0

Android: Potential security issue: Trying to connect to an unexpected IP #1466

Open mVHDubO9yZsi3tBaj8Zo22VDIuZ1wJdELrww1vg opened 3 years ago

mVHDubO9yZsi3tBaj8Zo22VDIuZ1wJdELrww1vg commented 3 years ago

Using the Android app v2.11.0.

I am self-hosting VaultWarden. I am trying to access VW on a local network with a domain registered on my local DNS. When trying to connect the Android client to my server (both on the same local network), the request is timing out with the following error:

vaultwarden.mydomain.net/3.223.115.185 (port 443) from 192.168.1.113 (port 43768)
isConnected failed

I am alarmed by the attempted connection to 3.223.115.185 (seems to be an AWS address).

Steps To Reproduce

  1. At Bitwarden client login page, tap the cog to enter settings
  2. Change the Server URL to local domain.
  3. Tap 'Save'
  4. Tap 'Log in'
  5. Enter VaultWarden credentials and tap 'Log in'

Environment

SergeantConfused commented 3 years ago

Hi @tomturton,

  1. What is the IP address of your local bitwarden_rs server?
  2. Is this IP address (3.223.115.185) present in your local configuration? Do you have a DNS record pointing to it?
  3. Where do you see this error message on your Android device, exactly?

Thank you in advance,

mVHDubO9yZsi3tBaj8Zo22VDIuZ1wJdELrww1vg commented 3 years ago

Hi @SergeantConfused

  1. 192.168.1.104
  2. To my knowledge, no. I certainly haven't manually entered that IP anywhere.
  3. In the Bitwarden mobile client, upon trying to log in to my VaultWarden server/account.
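A triage check for the error above, added here as an example and not part of the thread or of the Bitwarden project's code. The first line of the reported error has the form `host/resolved-ip (port N) from client-ip (port M)`, i.e. the string form of a Java `InetSocketAddress` pair, so the resolved address can be pulled out of the log and compared with the IP the server is known to have (192.168.1.104 in this thread). The script parses such a line, says whether the address the client actually tried is the expected server, some other private address, or a public one, and offers a helper that asks the local machine's resolver for the same hostname so the two answers can be compared. The sample log lines are constructed from the values quoted in the issue; the function and field names are this example's own.

```python
import ipaddress
import re
import socket

# Android's java.net stack prints the target as InetSocketAddress.toString():
# "host/ip (port N) from src-ip (port M)". This regex matches that shape.
_CONNECT_ERR_RE = re.compile(
    r"^(?P<host>[^/\s]+)/(?P<ip>[0-9a-fA-F:.]+)\s+\(port\s+(?P<port>\d+)\)"
    r"\s+from\s+(?P<src>[0-9a-fA-F:.]+)\s+\(port\s+(?P<sport>\d+)\)"
)

# Constructed sample lines, built from the values quoted in the issue.
SAMPLE_REPORTED = (
    "vaultwarden.mydomain.net/3.223.115.185 (port 443) "
    "from 192.168.1.113 (port 43768)"
)
SAMPLE_EXPECTED = (
    "vaultwarden.mydomain.net/192.168.1.104 (port 443) "
    "from 192.168.1.113 (port 43768)"
)
EXPECTED_SERVER_IP = "192.168.1.104"  # from the reporter's reply


def parse_connect_error(line):
    """Extract host, resolved IP, port and client IP from one error line.

    Returns None for lines that are not in the InetSocketAddress form
    (e.g. the trailing "isConnected failed" line).
    """
    m = _CONNECT_ERR_RE.match(line.strip())
    if not m:
        return None
    return {
        "host": m.group("host"),
        "resolved": ipaddress.ip_address(m.group("ip")),
        "port": int(m.group("port")),
        "client": ipaddress.ip_address(m.group("src")),
    }


def classify(resolved, expected):
    """'expected' if the client tried the known server address,
    'private-mismatch' if it tried some other RFC 1918 / ULA address,
    'public' if it tried a globally routable address (the alarming case)."""
    if resolved == expected:
        return "expected"
    if resolved.is_private:
        return "private-mismatch"
    return "public"


def triage(line, expected_ip):
    """Parse one error line and attach a verdict; None if it does not parse."""
    info = parse_connect_error(line)
    if info is None:
        return None
    info["verdict"] = classify(info["resolved"], ipaddress.ip_address(expected_ip))
    return info


def resolve_locally(host, port=443):
    """Live check (needs network): what this machine's resolver returns for
    host. Comparing this with the phone's answer shows whether the phone is
    using a different resolver than the rest of the LAN."""
    try:
        return sorted(
            {ipaddress.ip_address(r[4][0]) for r in socket.getaddrinfo(host, port)},
            key=str,
        )
    except socket.gaierror:
        return []


if __name__ == "__main__":
    for sample in (SAMPLE_REPORTED, SAMPLE_EXPECTED, "isConnected failed"):
        result = triage(sample, EXPECTED_SERVER_IP)
        if result is None:
            print(f"skip: {sample!r}")
        else:
            print(f"{result['host']} -> {result['resolved']}: {result['verdict']}")
    # Uncomment on a machine inside the LAN to compare resolver answers:
    # print(resolve_locally("vaultwarden.mydomain.net"))
```

A `public` verdict for a name that is only defined on the LAN resolver means the answer came from somewhere else: a public authoritative zone for the same domain, a cached record, or a resolver on the phone that is not the LAN one (Android's Private DNS setting, for example, sends queries over DoT to a public resolver and bypasses the DHCP-provided server). Running `resolve_locally` from a LAN host and comparing with the address in the phone's error narrows down which of those it is.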