Yubikey OTP failure #5264
Comments
|
Seems to work just fine for me using a YubiKey-5C via USB-C on my Laptop. Try to remove the key and add it again and see if that helps. |
|
I tried doing that before filling the issue and I get the same error. This is a Yubikey 5C NFC. No idea how to move forward, especially as it was working fine before. |
|
Some extra info: reverting to 1.32.5 tag works fine. But using 1.32.5-d7adce97 (latest testing image) fails with the error previously mentioned. |
|
I'm using the same version |
|
Any extra info I could provide to move forward? I guess it could be related to #5248 but I do not have anymore the previous docker image to test against. |
|
I think you need to add one or two |
|
Thanks a lot, that helped. BTW great work and dedication for this project, this is greatly appreciated 👍 |
|
Cool. Great that it worked. Assuming or fixing it automatically could also cause strange issues sometimes. |
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config (Generated via diagnostics page)
Show Running Config
Environment settings which are overridden: ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY
{ "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://************************", "domain_origin": "*****://************************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "fido2-vault-credentials,ssh-key-vault-item,ssh-agent,extension-refresh", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/data/vaultwarden.log", "log_level": "trace", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": true, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 100000, "push_enabled": true, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "************************", "smtp_from_name": "Vaultwarden", "smtp_host": "**************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "************************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": 30, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": "96472", "yubico_secret_key": "***", "yubico_server": null }Vaultwarden Build Version
1.32.5-d7adce97
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
nginx on Synology NAS
Host/Server Operating System
NAS/SAN
Operating System Version
NAS Synology 7.2.2
Clients
Web Vault
Client Version
No response
Steps To Reproduce
Try to use Yubikey OTP for 2nd step authentication.
Expected Result
Yubikey OTP succeeds.
Actual Result
The Vaultwarden logs shows an error regarding an invalid padding. This used to work in the past (the Yubikey is registered in my account and was working fine the last time I tried it some time ago). Moreover the Yubikey works fine with https://demo.yubico.com/otp/verify
Logs
Screenshots or Videos
No response
Additional Context
No response
The text was updated successfully, but these errors were encountered: