Open 6IMIBEqK5aPB9ECDLFWbsLMINTjleNOvWBq9LUI opened 1 year ago
To reproduce:
1) Log in.
2) Read the email you receive with the subject "New Device Logged In..." and see that the IP of this new login is not your IP.
iOS same thing.
A guy reported this over 4 years ago. Then the founder of Bitwarden solved the problem by adding a setting to just disable the new login alert emails. No, I'm not joking. 🤦
https://github.com/bitwarden/server/issues/466
And the guy said... Thanks! 🤦♂️ 🤦♂️
Hi @unoukujou,
Thank you for your report; I am able to reproduce this and I have flagged it to our engineering team.
If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.
Thank you again,
Using Apache as a reverse proxy, I keep getting these for "172.19.0.1".
Setting either
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 172.16.0.0/12
or
ProxyPreserveHost On
Yields no improvement.
Also yields no results (adding the IPv6 results in the 172.x being shown again):
real_ips: ['192.168.199.0/24', '172.16.0.0/12', '::ffff/48']
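An added example, not part of the thread and not Bitwarden's code: a minimal sketch of how a server behind reverse proxies commonly derives the client address from `X-Forwarded-For` using a trusted-proxy list, the kind of list that settings such as `RemoteIPInternalProxy` and `real_ips` supply. The function name and all sample addresses are constructed for illustration.

```python
import ipaddress


def resolve_client_ip(peer_ip, xff_header, trusted_cidrs):
    """Return the address to log or alert on for one request.

    peer_ip       -- address of the TCP peer (the last proxy hop)
    xff_header    -- raw X-Forwarded-For value, or None
    trusted_cidrs -- networks whose forwarding headers are believed
    """
    trusted = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]

    def norm(text):
        ip = ipaddress.ip_address(text.strip())
        # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as plain IPv4 so that a
        # dual-stack listener still matches IPv4 trusted ranges.
        mapped = getattr(ip, "ipv4_mapped", None)
        return mapped if mapped is not None else ip

    def is_trusted(ip):
        return any(ip.version == n.version and ip in n for n in trusted)

    chain = [h for h in (xff_header or "").split(",") if h.strip()]
    current = norm(peer_ip)
    # Walk right to left: each hop is believed only if the hop that
    # reported it is itself a trusted proxy. Entries further left are
    # client-controlled and are never reached through an untrusted hop.
    while chain and is_trusted(current):
        try:
            current = norm(chain.pop())
        except ValueError:
            break  # malformed entry: keep the last validated hop
    return str(current)


if __name__ == "__main__":
    # Constructed sample: container bridge gateway as peer, one real client.
    print(resolve_client_ip("172.19.0.1", "203.0.113.7", []))
    print(resolve_client_ip("172.19.0.1", "203.0.113.7", ["172.16.0.0/12"]))
```

With an empty trusted list the function returns the proxy hop itself, which is the symptom of an alert showing an internal or hosting address instead of the user's.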
I logged in with a new device on EU server.
Got email:
This is NOT my IP.
I'm not using a proxy or VPN.
I think this is the IP of the server that is hosting Bitwarden EU.
Googled it and yes, I'm not the only one.
Not good. Just saying. Bitwarden is supposed to be highly secure and these kinds of issues just don't make me feel at ease. An alert telling me a new device logged in, and it gives me the wrong IP. What am I supposed to think? Was it me? Or not? I'm screwed? Help!
Expected Result
My IP
Actual Result
Not my IP
Operating System
Android