github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-03-09 11:44:41 -05:00
Code Issues 144 Packages Projects Releases 116 Wiki Activity

[Bug][2023.8.0] Bitwarden crash after master password re-prompt if used biometric option to unlock app #1714

New Issue
Closed
opened 2025-11-26 22:56:10 -06:00 by GiteaMirror · 3 comments
GiteaMirror commented 2025-11-26 22:56:10 -06:00
Owner
Copy Link

Originally created by @Gravemind2015 on GitHub (Sep 7, 2023).

Steps To Reproduce

  1. Force stop bitwarden to start from clean state.
  2. Use biometric login (fingerprint in my case) instead of putting master password to unlock bitwarden.
  3. Try one of these options that require master password re-input:
    (i) 'show password' button on logins where Master Password Re-Prompt is enabled, or
    (ii) Attempt to clone such login as in (i)
    (iii) Attempt to export vault data

Expected Result

After putting in the master password for Re-Prompt, bitwarden should shouldn't crash and :
(i) show password
(ii) clone the entry
(iii) show documentprovider UI

Actual Result

After putting in the master password for Re-Prompt, bitwarden crashes. I can confirm for both play store and bitwarden f-droid repo builds, version 2023.8.0. Also can confirm that the github version 2023.7.0 doesn't have this issue.

Screenshots or Videos

I've captured the crash log, dunno if it has anything useful. It did have some alphanumeric strings, and I wasn't sure if it was sensitive so replaced them with xxxxxx,yyyyy,zzzzzz etc.

FATAL EXCEPTION: main Process: com.x8bit.bitwarden, PID: 20053 android.runtime.JavaProxyThrowable: System.ArgumentNullException: Value cannot be null. Parameter name: masterKey at Bit.Core.Services.CryptoService.HashMasterKeyAsync (System.String password, Bit.Core.Models.Domain.MasterKey masterKey, Bit.Core.Enums.HashPurpose hashPurpose) [0x000d6] in <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>:0 at Bit.Core.Services.CryptoService.CompareAndUpdateKeyHashAsync (System.String masterPassword, Bit.Core.Models.Domain.MasterKey key) [0x00139] in <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>:0 at Bit.App.Services.MobilePasswordRepromptService.ValidatePasswordAsync (System.String password) [0x0008e] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAndGetItAsync (System.String title, System.String body, System.Func2[T,TResult] validator) [0x0014a] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAsync (System.String title, System.String body, System.Func2[T,TResult] validator) [0x0007b] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Services.MobilePasswordRepromptService.PromptAndCheckPasswordIfNeededAsync (Bit.Core.Enums.CipherRepromptType repromptType) [0x00144] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Pages.CipherDetailsPageViewModel.PromptPasswordAsync () [0x00096] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Pages.CipherDetailsPageViewModel.TogglePassword () [0x0006c] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__7_0 (System.Object state) [0x00000] in <zzxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz>:0 at Android.App.SyncContext+<>cDisplayClass2_0.<Post>b0 () [0x00000] in <ppppppppppppppppppppppppppppp>:0 at Java.Lang.Thread+RunnableImplementor.Run () [0x00008] in <ppppppppppppppppppppppppppppp>:0 at Java.Lang.IRunnableInvoker.n_Run (System.IntPtr jnienv, System.IntPtr native__this) [0x00008] in <ppppppppppppppppppppppppppppp>:0 at Android.Runtime.JNINativeWrapper.Wrap_JniMarshal_PP_V (_JniMarshal_PP_V callback, System.IntPtr jnienv, System.IntPtr klazz) [0x00005] in <ppppppppppppppppppppppppppppp>:0 at mono.java.lang.RunnableImplementor.n_run(Native Method) at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31) at android.os.Handler.handleCallback(Handler.java:938) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loopOnce(Looper.java:226) at android.os.Looper.loop(Looper.java:313) at android.app.ActivityThread.main(ActivityThread.java:8663) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:567) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)

Additional Context

The crash doesn't happen if the app is unlocked with master password itself. It happens only after enabling biometric login, force stopping (to restart the app), and then unlocking with biometric. I used fingerprint, and can confirm this on multiple devices, on different bitwarden accounts.

I also switched from pbkdf2 to argon2 while diagnosing and it didn't change/affect the problem AFAIK.

Lastly, in the template below I'll be specifying my own device details, but I've confirmed had this confirmed on android 13 devices like on Galaxy S23 Ultra.

Operating System

Android

Operating System Version

12

Device

Samsung M51

Build Version

SP1A.210812.016.M515FXXS5DWG1

Beta

  • Using a pre-release version of the application.
Originally created by @Gravemind2015 on GitHub (Sep 7, 2023). ### Steps To Reproduce 1. Force stop bitwarden to start from clean state. 2. Use biometric login (fingerprint in my case) instead of putting master password to unlock bitwarden. 3. Try one of these options that require master password re-input: (i) 'show password' button on logins where Master Password Re-Prompt is enabled, or (ii) Attempt to clone such login as in (i) (iii) Attempt to export vault data ### Expected Result After putting in the master password for Re-Prompt, bitwarden should shouldn't crash and : (i) show password (ii) clone the entry (iii) show documentprovider UI ### Actual Result After putting in the master password for Re-Prompt, bitwarden crashes. I can confirm for both play store and bitwarden f-droid repo builds, version 2023.8.0. Also can confirm that the [github version](https://github.com/bitwarden/mobile/releases/download/v2023.7.0/com.x8bit.bitwarden-fdroid.apk) 2023.7.0 doesn't have this issue. ### Screenshots or Videos I've captured the crash log, dunno if it has anything useful. It did have some alphanumeric strings, and I wasn't sure if it was sensitive so replaced them with xxxxxx,yyyyy,zzzzzz etc. `FATAL EXCEPTION: main Process: com.x8bit.bitwarden, PID: 20053 android.runtime.JavaProxyThrowable: System.ArgumentNullException: Value cannot be null. Parameter name: masterKey at Bit.Core.Services.CryptoService.HashMasterKeyAsync (System.String password, Bit.Core.Models.Domain.MasterKey masterKey, Bit.Core.Enums.HashPurpose hashPurpose) [0x000d6] in <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>:0 at Bit.Core.Services.CryptoService.CompareAndUpdateKeyHashAsync (System.String masterPassword, Bit.Core.Models.Domain.MasterKey key) [0x00139] in <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>:0 at Bit.App.Services.MobilePasswordRepromptService.ValidatePasswordAsync (System.String password) [0x0008e] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAndGetItAsync (System.String title, System.String body, System.Func2[T,TResult] validator) [0x0014a] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Services.MobilePlatformUtilsService.ShowPasswordDialogAsync (System.String title, System.String body, System.Func2[T,TResult] validator) [0x0007b] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Services.MobilePasswordRepromptService.PromptAndCheckPasswordIfNeededAsync (Bit.Core.Enums.CipherRepromptType repromptType) [0x00144] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Pages.CipherDetailsPageViewModel.PromptPasswordAsync () [0x00096] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at Bit.App.Pages.CipherDetailsPageViewModel.TogglePassword () [0x0006c] in <yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy>:0 at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__7_0 (System.Object state) [0x00000] in <zzxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz>:0 at Android.App.SyncContext+<>cDisplayClass2_0.<Post>b0 () [0x00000] in <ppppppppppppppppppppppppppppp>:0 at Java.Lang.Thread+RunnableImplementor.Run () [0x00008] in <ppppppppppppppppppppppppppppp>:0 at Java.Lang.IRunnableInvoker.n_Run (System.IntPtr jnienv, System.IntPtr native__this) [0x00008] in <ppppppppppppppppppppppppppppp>:0 at Android.Runtime.JNINativeWrapper.Wrap_JniMarshal_PP_V (_JniMarshal_PP_V callback, System.IntPtr jnienv, System.IntPtr klazz) [0x00005] in <ppppppppppppppppppppppppppppp>:0 at mono.java.lang.RunnableImplementor.n_run(Native Method) at mono.java.lang.RunnableImplementor.run(RunnableImplementor.java:31) at android.os.Handler.handleCallback(Handler.java:938) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loopOnce(Looper.java:226) at android.os.Looper.loop(Looper.java:313) at android.app.ActivityThread.main(ActivityThread.java:8663) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:567) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1135)` ### Additional Context The crash doesn't happen if the app is unlocked with master password itself. It happens only after enabling biometric login, force stopping (to restart the app), and then unlocking with biometric. I used fingerprint, and can confirm this on multiple devices, on different bitwarden accounts. I also switched from pbkdf2 to argon2 while diagnosing and it didn't change/affect the problem AFAIK. Lastly, in the template below I'll be specifying my own device details, but I've confirmed had this confirmed on android 13 devices like on Galaxy S23 Ultra. ### Operating System Android ### Operating System Version 12 ### Device Samsung M51 ### Build Version SP1A.210812.016.M515FXXS5DWG1 ### Beta - [ ] Using a pre-release version of the application.
GiteaMirror added the bug label 2025-11-26 22:56:10 -06:00
GiteaMirror commented 2025-11-26 22:56:11 -06:00
Author
Owner
Copy Link

@singhnsk commented on GitHub (Sep 7, 2023):

Reproducible on a Samsung S23 Ultra as well. Hoping for a fix :)

@singhnsk commented on GitHub (Sep 7, 2023): Reproducible on a Samsung S23 Ultra as well. Hoping for a fix :)
GiteaMirror commented 2025-11-26 22:56:11 -06:00
Author
Owner
Copy Link

@djsmith85 commented on GitHub (Sep 7, 2023):

Duplicate of https://github.com/bitwarden/mobile/issues/2733

@djsmith85 commented on GitHub (Sep 7, 2023): Duplicate of https://github.com/bitwarden/mobile/issues/2733
GiteaMirror commented 2025-11-26 22:56:11 -06:00
Author
Owner
Copy Link

@djsmith85 commented on GitHub (Sep 7, 2023):

@Gravemind2015 and @singhnsk Thank you for your reports, this seems to have previously been reported with https://github.com/bitwarden/mobile/issues/2733 and a fix has been issued with #2713 which will be included in the next release (2023.9)

@djsmith85 commented on GitHub (Sep 7, 2023): @Gravemind2015 and @singhnsk Thank you for your reports, this seems to have previously been reported with https://github.com/bitwarden/mobile/issues/2733 and a fix has been issued with #2713 which will be included in the next release (`2023.9`)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#1714
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?