bitwarden / mobile

Retired Bitwarden mobile app for iOS and Android (MAUI/Xamarin).
https://bitwarden.com
GNU General Public License v3.0

Email - "New Device Logged In From Android" Wrong IP address #2727

Open 6IMIBEqK5aPB9ECDLFWbsLMINTjleNOvWBq9LUI opened 1 year ago

6IMIBEqK5aPB9ECDLFWbsLMINTjleNOvWBq9LUI commented 1 year ago

I logged in with a new device on EU server.

Got email:

Your Bitwarden account was just logged into from a new device.

IP Address: 20.X.X.X

This is NOT my IP.

I'm not using a proxy or VPN.

I think this is the IP of the server that is hosting bitwarden EU.

Googled it and yes, I'm not the only one.

Not good. Just saying. Bitwarden is supposed to be highly secure and these kinds of issues just don't make me feel at ease. An alert telling me a new device logged in, and it gives me the wrong IP. What am I supposed to think? Was it me? Or not? Am I screwed? Help!

Expected Result

My IP

Actual Result

Not my IP

Operating System

Android

6IMIBEqK5aPB9ECDLFWbsLMINTjleNOvWBq9LUI commented 1 year ago

To reproduce:

1) Log in.
2) Read the email you receive with subject: "New Device Logged In..." and see that the IP of this new login is not your IP.

6IMIBEqK5aPB9ECDLFWbsLMINTjleNOvWBq9LUI commented 1 year ago

iOS same thing.

6IMIBEqK5aPB9ECDLFWbsLMINTjleNOvWBq9LUI commented 1 year ago

A guy reported this over 4 years ago. Then the founder of Bitwarden solved the problem by adding a setting to just disable the new login alert emails. No, I'm not joking. 🤦

https://github.com/bitwarden/server/issues/466

And the guy said... Thanks! 🤦‍♂️ 🤦‍♂️

tAbIkUi4blEAu4VW0M5YzJirfSmb81ikaEnVLxy commented 1 year ago

Hi @unoukujou,

Thank you for your report; I am able to reproduce this and I have flagged it to our engineering team.

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time - our engineering team will be happy to review these.

Thank you again,

xOzucn3DW3oAE8q6idCHcKKVDfqSjKStWEi38E6 commented 1 year ago

Using apache as a reverse proxy, keep getting these for "172.19.0.1"

Setting either

        RemoteIPHeader X-Forwarded-For
        RemoteIPInternalProxy 172.16.0.0/12

or

        ProxyPreserveHost On

Yields no improvement.

Also yields no results (adding the IPv6 results in the 172.x being shown again):

real_ips: ['192.168.199.0/24', '172.16.0.0/12', '::ffff/48']
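The symptom in this thread (the alert naming a Docker bridge or cloud front-end address such as 172.19.0.1 instead of the client) is what you get when the application reports the socket peer rather than resolving the client through a trusted-proxy list. The following is an added illustration, not code from Bitwarden or from this repository: it resolves the reportable client address from `X-Forwarded-For` using the two IPv4 ranges quoted in the comment above as the trusted proxies (the `TRUSTED_PROXIES` list and the sample addresses are constructed for the example), skips trusted hops from the right, and refuses to trust the header at all when the direct peer is not a known proxy.

```python
import ipaddress
from typing import Optional

# Trusted reverse-proxy ranges (constructed for this example; mirrors the two
# IPv4 entries of the `real_ips` list quoted in the thread).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.168.199.0/24", "172.16.0.0/12")]


def is_trusted(addr: str) -> bool:
    """True if `addr` falls inside a trusted proxy range. Raises ValueError on garbage."""
    ip = ipaddress.ip_address(addr)
    # A dual-stack listener sees IPv4 peers as ::ffff:a.b.c.d; unmap so v4 ranges match.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, x_forwarded_for: Optional[str]) -> str:
    """Address to put in a new-device alert: the first untrusted hop from the right."""
    # Peer is not one of our proxies: the header (if any) was written by an
    # untrusted party, so report the socket address and ignore it.
    if not is_trusted(remote_addr):
        return remote_addr
    # Peer is a proxy but forwarded nothing: this is exactly the thread's failure
    # mode (only the proxy's 172.x address is known). Report it rather than guess.
    if not x_forwarded_for:
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Walk right-to-left: the right-most entries were appended by our own proxies,
    # the left-most ones are attacker-controllable and must not be believed blindly.
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return remote_addr  # malformed entry: fall back instead of reporting garbage
    return hops[0]  # every hop was a trusted proxy: the outermost one is the origin
```

Note that the no-header case still yields the proxy address; fixing that requires the proxy (here Apache) to actually send `X-Forwarded-For` to the backend, which is what the `RemoteIPHeader` setting above controls on the receiving side, not the sending side.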