Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bitwarden Firefox Extension Blocks Yubikey 5 USB WebAuthN Authentication Attempts - Linux Firefox Flatpak #7169

Closed
1 task done
arazilsongweaver opened this issue Dec 11, 2023 · 2 comments
Closed
1 task done

Bitwarden Firefox Extension Blocks Yubikey 5 USB WebAuthN Authentication Attempts - Linux Firefox Flatpak #7169

arazilsongweaver opened this issue Dec 11, 2023 · 2 comments
Labels
browser Browser Extension bug

Comments

@arazilsongweaver
Copy link

arazilsongweaver commented Dec 11, 2023
edited
Loading

Steps To Reproduce

  1. Register a Yubikey 5 USB key with PIN code authentication to a MFA WebAuthN website (e.g. Cloudflare).
  2. Register the site with Bitwarden for username, password, and TOTP but NOT WebAuthN / Passkey.
  3. Install Firefox Flatpak and Bitwarden Extension for Firefox on Debian Linux.
  4. Log in to and unlock Bitwarden Extension on Firefox.
  5. Go to the site from Steps 1-2 and use Bitwarden Extension to auto fill username and password.
  6. Attempt to MFA authenticate via WebAuthN using the Yubikey 5 USB key.

Expected Result

The Firefox PIN unlock screen is displayed because Bitwarden is not registered to use Passkeys on the site. User enters the correct PIN for the Yubikey 5 USB and WebAuthN continues via the Yubikey 5 USB device.

Actual Result

Bitwarden Extension disables the browser's ability to authenticate via the Yubikey 5 USB key. The Firefox PIN unlock screen is never displayed.

Screenshots or Videos

No response

Additional Context

Temporarily disabling the add on via "Manage Add Ons" and reloading the WebAuthN MFA prompt page restores full authentication functionality to the Yubikey 5 USB key.

Operating System

Linux

Operating System Version

trixie/sid

Web Browser

Firefox

Browser Version

120.0.1 Flatpak

Build Version

2023.10.2

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
@arazilsongweaver arazilsongweaver added browser Browser Extension bug labels Dec 11, 2023
@atjbramley
Copy link
Contributor

Hi @arazilsongweaver,

Thanks for your report!

Bitwarden does not currently manage the Flatpak release:

This wrapper is not verified by, affiliated with, or supported by 8bit Solutions LLC.
(from https://flathub.org/apps/com.bitwarden.desktop)

As such, this report will be closed.

If you are able to reproduce this issue with supported clients, please feel free to open a new bug report.

@edisondotme
Copy link

This issue can now be reopened since Bitwarden has verified the Flatpak release.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
browser Browser Extension bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@arazilsongweaver @edisondotme @atjbramley