Requiring a master password 2nd prompt prevents accessing hidden fields completely #1708

New Issue

GiteaMirror · 2025-11-26T22:55:59-06:00

GiteaMirror commented

2025-11-26 22:55:59 -06:00

Originally created by @Zoarial94 on GitHub (Aug 29, 2023).

Steps To Reproduce

Unlock the vault
Create a Login or Card
Set the Login or Card to require a master password re-prompt
Attempt to view a hidden field or auto-fill with a hidden field
Enter master password and submit

Expected Result

Viewing hidden field: The hidden view becomes visible and the field can be copied.

Auto-fill: The web page fields are filled with the login credentials.

Actual Result

Trying to view the field after submitting the master password causes the app to crash. Crash details are provided below.

Attempting to autofill after entering the master password causes an error message to appear. Screenshot is attached below.

Screenshots or Videos

Additional Context

These issues were not present before the recent Bitwarden update. Running GrapheneOS on Pixel 6 Pro

type: crash
osVersion: google/raven/raven:13/TQ3A.230805.001/2023080800:user/release-keys
package: com.x8bit.bitwarden:7466
process: com.x8bit.bitwarden
processUptime: 33080 + 283 ms
installer: com.machiav3lli.fdroid

android.runtime.JavaProxyThrowable: System.ArgumentNullException: Value cannot be null.
Parameter name: masterKey
  at Bit.Core.Services.CryptoService.HashMasterKeyAsync (System.String password, Bit.Core.Models.Domain.MasterKey masterKey, Bit.Core.Enums.HashPurpose hashPurpose) [0x000d6] in <f07854797d46496b9100d20eaba7a347>:0 
  at Bit.Core.Services.CryptoService.CompareAndUpdateKeyHashAsync (System.String masterPassword, Bit.Core.Models.Domain.MasterKey key) [0x00139] in <f07854797d46496b9100d20eaba7a347>:0 
  at Bit.App.Services.MobilePasswordRepromptService.ValidatePasswordAsync (System.String password) [0x0008e] in <de23e43971854118ba974e2087dc9cb2>:0 
  at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAndGetItAsync (System.String title, System.String body, System.Func`2[T,TResult] validator) [0x0014a] in <de23e43971854118ba974e2087dc9cb2>:0 
  at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAsync (System.String title, System.String body, System.Func`2[T,TResult] validator) [0x0007b] in <de23e43971854118ba974e2087dc9cb2>:0 
  at Bit.App.Services.MobilePasswordRepromptService.PromptAndCheckPasswordIfNeededAsync (Bit.Core.Enums.CipherRepromptType repromptType) [0x00144] in <de23e43971854118ba974e2087dc9cb2>:0 
  at Bit.App.Pages.CipherDetailsPageViewModel.PromptPasswordAsync () [0x00096] in <de23e43971854118ba974e2087dc9cb2>:0 
  at Bit.App.Pages.CipherDetailsPageViewModel.ToggleCardNumber () [0x0006c] in <de23e43971854118ba974e2087dc9cb2>:0 
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__7_0 (System.Object state) [0x00000] in <02ad209422ae438b968526de640f4472>:0 
  at Android.App.SyncContext+<>c__DisplayClass2_0.<Post>b__0 () [0x00000] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 
  at Java.Lang.Thread+RunnableImplementor.Run () [0x00008] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 
  at Java.Lang.IRunnableInvoker.n_Run (System.IntPtr jnienv, System.IntPtr native__this) [0x00008] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 
  at Android.Runtime.JNINativeWrapper.Wrap_JniMarshal_PP_V (_JniMarshal_PP_V callback, System.IntPtr jnienv, System.IntPtr klazz) [0x00005] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 
	at mono.java.lang.RunnableImplementor.n_run(Native Method)
	at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31)
	at android.os.Handler.handleCallback(Handler.java:942)
	at android.os.Handler.dispatchMessage(Handler.java:99)
	at android.os.Looper.loopOnce(Looper.java:201)
	at android.os.Looper.loop(Looper.java:288)
	at android.app.ActivityThread.main(ActivityThread.java:7940)
	at java.lang.reflect.Method.invoke(Native Method)
	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
	at com.android.internal.os.ExecInit.main(ExecInit.java:49)
	at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
	at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:355)

Operating System

Android

Operating System Version

13

Device

Pixel 6 Pro

Build Version

2023.8.0 (7466) (F-Droid)

Beta

Using a pre-release version of the application.

Originally created by @Zoarial94 on GitHub (Aug 29, 2023). ### Steps To Reproduce 1. Unlock the vault 2. Create a Login or Card 3. Set the Login or Card to require a master password re-prompt 4. Attempt to view a hidden field or auto-fill with a hidden field 5. Enter master password and submit ### Expected Result Viewing hidden field: The hidden view becomes visible and the field can be copied. Auto-fill: The web page fields are filled with the login credentials. ### Actual Result Trying to view the field after submitting the master password causes the app to crash. Crash details are provided below. Attempting to autofill after entering the master password causes an error message to appear. Screenshot is attached below. ### Screenshots or Videos ![IMG_20230829_110658](https://github.com/bitwarden/mobile/assets/20785870/0f3c467f-d7d7-4aab-95f6-474c555deaae) ### Additional Context These issues were not present before the recent Bitwarden update. Running GrapheneOS on Pixel 6 Pro ``` type: crash osVersion: google/raven/raven:13/TQ3A.230805.001/2023080800:user/release-keys package: com.x8bit.bitwarden:7466 process: com.x8bit.bitwarden processUptime: 33080 + 283 ms installer: com.machiav3lli.fdroid android.runtime.JavaProxyThrowable: System.ArgumentNullException: Value cannot be null. Parameter name: masterKey at Bit.Core.Services.CryptoService.HashMasterKeyAsync (System.String password, Bit.Core.Models.Domain.MasterKey masterKey, Bit.Core.Enums.HashPurpose hashPurpose) [0x000d6] in <f07854797d46496b9100d20eaba7a347>:0 at Bit.Core.Services.CryptoService.CompareAndUpdateKeyHashAsync (System.String masterPassword, Bit.Core.Models.Domain.MasterKey key) [0x00139] in <f07854797d46496b9100d20eaba7a347>:0 at Bit.App.Services.MobilePasswordRepromptService.ValidatePasswordAsync (System.String password) [0x0008e] in <de23e43971854118ba974e2087dc9cb2>:0 at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAndGetItAsync (System.String title, System.String body, System.Func`2[T,TResult] validator) [0x0014a] in <de23e43971854118ba974e2087dc9cb2>:0 at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAsync (System.String title, System.String body, System.Func`2[T,TResult] validator) [0x0007b] in <de23e43971854118ba974e2087dc9cb2>:0 at Bit.App.Services.MobilePasswordRepromptService.PromptAndCheckPasswordIfNeededAsync (Bit.Core.Enums.CipherRepromptType repromptType) [0x00144] in <de23e43971854118ba974e2087dc9cb2>:0 at Bit.App.Pages.CipherDetailsPageViewModel.PromptPasswordAsync () [0x00096] in <de23e43971854118ba974e2087dc9cb2>:0 at Bit.App.Pages.CipherDetailsPageViewModel.ToggleCardNumber () [0x0006c] in <de23e43971854118ba974e2087dc9cb2>:0 at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__7_0 (System.Object state) [0x00000] in <02ad209422ae438b968526de640f4472>:0 at Android.App.SyncContext+<>c__DisplayClass2_0.<Post>b__0 () [0x00000] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 at Java.Lang.Thread+RunnableImplementor.Run () [0x00008] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 at Java.Lang.IRunnableInvoker.n_Run (System.IntPtr jnienv, System.IntPtr native__this) [0x00008] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 at Android.Runtime.JNINativeWrapper.Wrap_JniMarshal_PP_V (_JniMarshal_PP_V callback, System.IntPtr jnienv, System.IntPtr klazz) [0x00005] in <bb60a58b996e4a74bfae2ccc1fa7f1be>:0 at mono.java.lang.RunnableImplementor.n_run(Native Method) at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31) at android.os.Handler.handleCallback(Handler.java:942) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loopOnce(Looper.java:201) at android.os.Looper.loop(Looper.java:288) at android.app.ActivityThread.main(ActivityThread.java:7940) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548) at com.android.internal.os.ExecInit.main(ExecInit.java:49) at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method) at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:355) ``` ### Operating System Android ### Operating System Version 13 ### Device Pixel 6 Pro ### Build Version 2023.8.0 (7466) (F-Droid) ### Beta - [ ] Using a pre-release version of the application.

GiteaMirror added the bug label 2025-11-26 22:55:59 -06:00

GiteaMirror closed this issue

2025-11-26 22:55:59 -06:00

GiteaMirror commented

2025-11-26 22:56:00 -06:00

@OJ7 commented on GitHub (Sep 1, 2023):

Seeing this on Samsung Galaxy S22+ with the latest bitwarden version as well.

This is a severe bug that prevents access to important login information. The only workaround to accessing them is by loading up the bitwarden website or desktop app to grab the credentials.

@OJ7 commented on GitHub (Sep 1, 2023): Seeing this on Samsung Galaxy S22+ with the latest bitwarden version as well. This is a severe bug that prevents access to important login information. The only workaround to accessing them is by loading up the bitwarden website or desktop app to grab the credentials.

GiteaMirror commented

2025-11-26 22:56:00 -06:00

@cbbit commented on GitHub (Sep 1, 2023):

Hi there!

Thank you for your report, it seems like it is a duplicate of this one https://github.com/bitwarden/clients/issues/6153 .

If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time in there - our engineering team will be happy to review these.

This issue will now be closed.

Thanks!

@cbbit commented on GitHub (Sep 1, 2023): Hi there! Thank you for your report, it seems like it is a duplicate of this one https://github.com/bitwarden/clients/issues/6153 . If you wish to add any further information/screenshots/recordings etc., please feel free to do so at any time in there - our engineering team will be happy to review these. This issue will now be closed. Thanks!