search

lastpass / lastpass-cli

LastPass command line interface tool
GNU General Public License v2.0
2.85k stars 290 forks source link

Error: HTTP response code said error. #601

Closed quisse closed 3 years ago

quisse commented 3 years ago

Can't seem to retrieve passwords via the cli. Following error occurs: Error: HTTP response code said error.

Log data when running lpass ls:

<7> [1618909846.491621] Making request to https://lastpass.com/getaccts.php
*   Trying 23.43.216.254:443...
* Connected to lastpass.com (23.43.216.254) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: businessCategory=Private Organization; serialNumber=3830661; jurisdictionC=US; jurisdictionST=Delaware; C=US; ST=Massachusetts; L=Boston; street=320 Summer St; O=LogMeIn, Inc.; CN=lastpass.com
*  start date: Jul  1 17:02:07 2020 GMT
*  expire date: Aug 14 16:58:09 2022 GMT
*  subjectAltName: host "lastpass.com" matched cert's "lastpass.com"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Extended Validation CA - SHA256 - G3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fbacf809200)
> POST /getaccts.php HTTP/2
Host: lastpass.com
user-agent: LastPass-CLI/1.3.3.GIT
accept: */*
cookie: PHPSESSID=*******
content-length: 43
content-type: application/x-www-form-urlencoded

* We are completely uploaded and fine
* old SSL session ID is stale, removing
< HTTP/2 403
< content-type: text/html; charset=UTF-8
< vary: Accept-Encoding
< x-frame-options: SAMEORIGIN
< content-security-policy: default-src 'self' https://admin.lastpass.com; img-src 'self' https://lastpass.com data: blob: https://analytics.twitter.com/i/adsct https://www.google-analytics.com/; object-src 'self' https://*.googlevideo.com; connect-src 'self' https://lastpass.com wss://*.lastpass.com https://5399020466.log.optimizely.com https://pollserver.lastpass.com https://loglogin.lastpass.com https://accounts.lastpass.com https://login.microsoftonline.com https://graph.microsoft.com https://login.microsoftonline.us https://graph.microsoft.us https://*.okta.com https://*.oktapreview.com https://*.okta-emea.com https://provisioning-api-prod.service.lastpass.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' https://lastpass.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://lastpass.com https://www.youtube.com https://*.ytimg.com https://*.optimizely.com https://lp-cdn.lastpass.com; font-src data: 'self' 'unsafe-inline' 'unsafe-eval' https://lastpass.com; frame-src 'self' https://ssl.gstatic.com https://www.google.com https://www.youtube.com https://cdn.lmiutil.com
< p3p: CP="NON DSP COR CUR OUR LEG PHY COM"
< pragma: no-cache
< cache-control: no-cache, private, no-store, max-age=0, s-maxage=0, must-revalidate, proxy-revalidate
< expires: 0
< server: LastPass
< strict-transport-security: max-age=86400000
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< vary: Origin, Accept-Encoding
< content-encoding: gzip
< content-length: 48
< date: Tue, 20 Apr 2021 09:10:46 GMT
< set-cookie: PHPSESSID=*******; Expires=Mon, 03 May 2021 09:10:46 +0000; Max-Age=1123200; Path=/; SameSite=None; Secure; HttpOnly
* The requested URL returned error: 403
* stopped the pause stream!
* Connection #0 to host lastpass.com left intact
quisse commented 3 years ago

After login in on the website I had to set a new master password. Strange that both the cli and the macOS app don't notify about this -.-'