github-starred/vaultwarden
2
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-11 17:41:29 -05:00
Code Issues 79 Packages Projects Releases 78 Wiki Activity

Still able to sign up even if signups_allowed is set to false #4657

New Issue
Closed
opened 2026-03-07 19:56:49 -06:00 by GiteaMirror · 6 comments
GiteaMirror commented 2026-03-07 19:56:49 -06:00
Owner
Copy Link

Originally created by @toobie83 on GitHub (Apr 26, 2021).

Hi there,

I was able to create a new account on my bitwarden server, even as the signups_allowed flag is set to false.

a) Is this known? or just me?
b) is there a way to look into the database if there exists any new/unknown accounts which are not mine?

image

Originally created by @toobie83 on GitHub (Apr 26, 2021). Hi there, I was able to create a new account on my bitwarden server, even as the signups_allowed flag is set to false. a) Is this known? or just me? b) is there a way to look into the database if there exists any new/unknown accounts which are not mine? ![image](https://user-images.githubusercontent.com/59822996/116048564-953b2d80-a675-11eb-8a1c-c9d6a559956b.png)
GiteaMirror commented 2026-03-07 19:56:51 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Apr 26, 2021):

Could you post a support string which you can generate via /admin/diagnostics please?
Also, via /admin you are able to see the users which are on your server.

@BlackDex commented on GitHub (Apr 26, 2021): Could you post a support string which you can generate via /admin/diagnostics please? Also, via /admin you are able to see the users which are on your server.
GiteaMirror commented 2026-03-07 19:56:52 -06:00
Author
Owner
Copy Link

@toobie83 commented on GitHub (Apr 26, 2021):

Could you post a support string which you can generate via /admin/diagnostics please?
Also, via /admin you are able to see the users which are on your server.

Your environment (Generated via diagnostics page)

  • Bitwarden_rs version: v1.20.0
  • Web-vault version: v2.19.0
  • Running within Docker: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: false
  • HTTPS Check: false
  • Database type: SQLite
  • Database version: 3.33.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "****://*********",
  "domain_origin": "****://*********",
  "domain_path": "",
  "domain_set": false,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Bitwarden_RS",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "",
  "smtp_from_name": "Bitwarden_RS",
  "smtp_host": null,
  "smtp_password": null,
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": null,
  "templates_folder": "data/templates",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Didnt know that a admin panel exists, thx for suggesting :)

@toobie83 commented on GitHub (Apr 26, 2021): > Could you post a support string which you can generate via /admin/diagnostics please? > Also, via /admin you are able to see the users which are on your server. ### Your environment (Generated via diagnostics page) * Bitwarden_rs version: v1.20.0 * Web-vault version: v2.19.0 * Running within Docker: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: false * HTTPS Check: false * Database type: SQLite * Database version: 3.33.0 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "****://*********", "domain_origin": "****://*********", "domain_path": "", "domain_set": false, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Bitwarden_RS", "invitations_allowed": true, "ip_header": "X-Real-IP", "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "", "smtp_from_name": "Bitwarden_RS", "smtp_host": null, "smtp_password": null, "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": null, "templates_folder": "data/templates", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": false, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` Didnt know that a admin panel exists, thx for suggesting :)
GiteaMirror commented 2026-03-07 19:56:53 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Apr 26, 2021):

Ok, looks like it shouldn't be possible.
We're you just able to create a new account right from the main page?
And what happens if you try it again? With a different email?

@BlackDex commented on GitHub (Apr 26, 2021): Ok, looks like it shouldn't be possible. We're you just able to create a new account right from the main page? And what happens if you try it again? With a different email?
GiteaMirror commented 2026-03-07 19:56:53 -06:00
Author
Owner
Copy Link

@toobie83 commented on GitHub (Apr 26, 2021):

Ok, looks like it shouldn't be possible.
We're you just able to create a new account right from the main page?
And what happens if you try it again? With a different email?

The point I noticed this, I was able to create a new account on the main page and I was also able to login into this account after that. Of course different email than my normale one.

@toobie83 commented on GitHub (Apr 26, 2021): > Ok, looks like it shouldn't be possible. > We're you just able to create a new account right from the main page? > And what happens if you try it again? With a different email? The point I noticed this, I was able to create a new account on the main page and I was also able to login into this account after that. Of course different email than my normale one.
GiteaMirror commented 2026-03-07 19:56:54 -06:00
Author
Owner
Copy Link

@toobie83 commented on GitHub (Apr 26, 2021):

Tried it now with a different email address:
image

The only change I made was to enable the admin panel. Dont know why it is now restricted as it should be.

@toobie83 commented on GitHub (Apr 26, 2021): Tried it now with a different email address: ![image](https://user-images.githubusercontent.com/59822996/116076104-1acdd600-a694-11eb-8c9b-8162a2aa7606.png) The only change I made was to enable the admin panel. Dont know why it is now restricted as it should be.
GiteaMirror commented 2026-03-07 19:56:54 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Apr 26, 2021):

I think because the previous time the container didn't restart. Which then didn't disabled it.

@BlackDex commented on GitHub (Apr 26, 2021): I think because the previous time the container didn't restart. Which then didn't disabled it.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#4657
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?