Access to vault not possible but through browser extension

[Knutowskie]

Bug report

Steps to reproduce

1. Login to vault through browser extension, access granted
2. Login to vault on the nextcloud webinterface: wrong password

Expected behaviour

Manage vault on website AND extension

Actual behaviour

limited access to vault, no mass import etc

Configuration

Operating system:
windows 10 1903
Browser:
Chrome, latest
Extensions that might cause interference:
happened with and without other extensions
Passman version:
2.3.4
Operating system:
raspbian
Web server:
apache or nginx, forgot.
cloud server: Nextcloud or ownCloud
Nextcloud
cloud version: (see admin page or version.php)
16.0.4

How can i get into my vault?

---

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[animalillo]

Did you attempt any vault password changes before hand or any other bulk vault actions?
Any other tipos as to what might have caused this issue?

[Luckyvb]

I have same issue. No i don`t change passwords. but i disable server encryption.

[Luckyvb]

how can i try manually decrypt my passwords and recreate vault ?

[binsky08]

have you installed the latest passman version 2.3.8?

[Luckyvb]

2.3.8

[binsky08]

I tried to reproduce the error, but to no avail.
Actually, the Nextcloud encryption should not have any influence on it, since all Passman user data is only in the database.
I installed the Passman app, enabled the server encryption, created a vault with a credential, disabled the server encryption and I am still able to log in to the vault.

[Luckyvb]

i look at code and debug a little. i understand.
At database my password many have compromised not null value. i set it to null with oi back - it was mistake. :(
I will try to look snapshot. i Look at code to /lib/Service/EncryptService.php:

	public function __construct(SettingsService $settings, IConfig $config) {
		$this->cipher = $settings->getAppSetting('server_side_encryption', 'aes-256-cbc');
		$password_salt = $config->getSystemValue('passwordsalt', '');

1. Maybe server_side_encryption changed ?? How to check this parameter?
2. I try create new vault and creadaential all ok. but if change at database hidden credential, compromised field, the ican`t logon to. but this is secondary problem...
3. Maybe i can share this vault credentials and export them ?
4. https://stackoverflow.com/questions/30425767/js-decryption-not-possible-after-storing-in-database-sjcl - can be this problem ?

[binsky08]

are there any errors in the browser js console when you enter your password and click the decrypt button?
(in Firefox and Chrome you can open it with F12 or Ctrl+Shift+J )

[binsky08]

you could try to access and export your vault using the alternative command line passman client Pebble.
If you can successfully access the passwords with Pebble (to be sure that it is an web ui issue and your password still works), there is an unreleased version with a new export feature to export all credentials (decrypted) as JSON file.

To use that feature you need to build and install the client from its source (master branch of the repo https://git.incenp.org/damien/pebble.git). But you could also wait for its next release (0.9.2).

[Luckyvb]

thanks, i will try.

[Luckyvb]

Problems...
pbl> show -i 3 TypeError: argument should be a bytes-like object or ASCII string, not 'bool'
my problem at vault and server, any more ideas ?

[binsky08]

that should definitely not happen at this point.
did you got this error before or after you entered your vault password?
are your credentials listed, when you type just show?
does this problem only occur when viewing a specific credential, or does it affect everyone?

I'm not sure, but if that happens after you entered your password, it could be possible that the credentials in your database were corrupted in a way I do not understand.

Did you attempt any vault password changes before hand or any other bulk vault actions?
Any other tipos as to what might have caused this issue?

^

how can i try manually decrypt my passwords and recreate vault ?

if all Passman clients fail to decrypt, performing the same decryption operation manually is unlikely to work

I recommend using a backup from the point in time when it was still working.

[animalillo]

hello, can I suggest a few things?

1. Create a new vault and check if it works
2. If the new vault works and a few test items seem to work correctly it's most likely something got corrupted in your database.
3. Asuming 2 succeeded, check for the other vault for any vaule on those fields that do not look encrypted.
4. If everything looks encrypted and alright, it might be possible that some how the secret key of your nextcloud instance changed, do you have backups of your nextcloud config.php file? there's a secret there that is used to encrypt passman data on the server side.

Some other things worth noting, did you make manual changes on the passman database? If so, which ones? did you manually edit the label of the credentials on the database? The label is used as part of the server side encryption key.

Do you get any errors on NC logs? Or on the JS console?

It does no

[Luckyvb]

1. it`s work.
2. work.
3. No problem at new vault. i restore my most credentials from different system. new vault work good.
4. try to search for backup. maybe i changed it.

no i dont change lablel in database. but set compromised to null, but at that moment. i cant access to vault.

[Luckyvb]

that should definitely not happen at this point.
did you got this error before or after you entered your vault password?
are your credentials listed, when you type just show?
does this problem only occur when viewing a specific credential, or does it affect everyone?

all listed, but i try get 2..3 creadentials, result false