"Invalid master password" when trying to unlock browser extension after autolock #6955
Description
Prerequisites
- I have searched the existing Closed AND Open Issues AND Discussions
- I have searched and read the documentation
Vaultwarden Support String
Your environment (Generated via diagnostics page)
- Vaultwarden version: v1.35.4
- Web-vault version: v2026.1.1
- OS/Arch: linux/x86_64
- Running within a container: true (Base: Debian)
- Database type: PostgreSQL
- Database version: PostgreSQL 18.3 (Debian 18.3-1.pgdg13+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
- Uses config.json: false
- Uses a reverse proxy: false
- Internet access: true
- Internet access via a proxy: false
- DNS Check: true
- Browser/Server Time Check: true
- Server/NTP Time Check: true
- Domain Configuration Check: false
- HTTPS Check: true
- Websocket Check: true
- HTTP Response Checks: true
Config & Details (Generated via diagnostics page)
Show Config & Details
Config:
{
"_duo_akey": null,
"_enable_duo": true,
"_enable_email_2fa": true,
"_enable_smtp": true,
"_enable_yubico": true,
"_icon_service_csp": "",
"_icon_service_url": "",
"_ip_header_enabled": true,
"_max_note_size": 10000,
"_smtp_img_src": "***:",
"admin_ratelimit_max_burst": 3,
"admin_ratelimit_seconds": 300,
"admin_session_lifetime": 20,
"admin_token": "***",
"allowed_connect_src": "",
"allowed_iframe_ancestors": "",
"attachments_folder": "data/attachments",
"auth_request_purge_schedule": "30 * * * * *",
"authenticator_disable_time_drift": false,
"data_folder": "data",
"database_conn_init": "",
"database_idle_timeout": 600,
"database_max_conns": 10,
"database_min_conns": 2,
"database_timeout": 30,
"database_url": "**********://********************************************************************************************",
"db_connection_retries": 15,
"disable_2fa_remember": false,
"disable_admin_token": false,
"disable_icon_download": false,
"dns_prefer_ipv6": false,
"domain": "*****://****************",
"domain_origin": "*****://****************",
"domain_path": "",
"domain_set": true,
"duo_context_purge_schedule": "30 * * * * *",
"duo_host": null,
"duo_ikey": null,
"duo_skey": null,
"duo_use_iframe": false,
"email_2fa_auto_fallback": false,
"email_2fa_enforce_on_verified_invite": false,
"email_attempts_limit": 3,
"email_change_allowed": true,
"email_expiration_time": 600,
"email_token_size": 6,
"emergency_access_allowed": true,
"emergency_notification_reminder_schedule": "0 3 * * * *",
"emergency_request_timeout_schedule": "0 7 * * * *",
"enable_db_wal": true,
"enable_websocket": true,
"enforce_single_org_with_reset_pw_policy": false,
"event_cleanup_schedule": "0 10 0 * * *",
"events_days_retain": null,
"experimental_client_feature_flags": "",
"extended_logging": true,
"helo_name": null,
"hibp_api_key": null,
"http_request_block_non_global_ips": true,
"http_request_block_regex": null,
"icon_blacklist_non_global_ips": true,
"icon_blacklist_regex": null,
"icon_cache_folder": "data/icon_cache",
"icon_cache_negttl": 259200,
"icon_cache_ttl": 2592000,
"icon_download_timeout": 10,
"icon_redirect_code": 302,
"icon_service": "internal",
"incomplete_2fa_schedule": "30 * * * * *",
"incomplete_2fa_time_limit": 3,
"increase_note_size_limit": false,
"invitation_expiration_hours": 120,
"invitation_org_name": "Vaultwarden",
"invitations_allowed": true,
"ip_header": "X-Real-IP",
"job_poll_interval_ms": 30000,
"log_file": null,
"log_level": "info",
"log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
"login_ratelimit_max_burst": 10,
"login_ratelimit_seconds": 60,
"org_attachment_limit": null,
"org_creation_users": "",
"org_events_enabled": false,
"org_groups_enabled": false,
"password_hints_allowed": true,
"password_iterations": 600000,
"purge_incomplete_sso_auth": "0 20 0 * * *",
"push_enabled": false,
"push_identity_uri": "https://identity.bitwarden.com",
"push_installation_id": "***",
"push_installation_key": "***",
"push_relay_uri": "https://push.bitwarden.com",
"reload_templates": false,
"require_device_email": false,
"rsa_key_filename": "data/rsa_key",
"send_purge_schedule": "0 5 * * * *",
"sendmail_command": null,
"sends_allowed": true,
"sends_folder": "data/sends",
"show_password_hint": false,
"signups_allowed": false,
"signups_domains_whitelist": "",
"signups_verify": false,
"signups_verify_resend_limit": 6,
"signups_verify_resend_time": 3600,
"smtp_accept_invalid_certs": false,
"smtp_accept_invalid_hostnames": false,
"smtp_auth_mechanism": null,
"smtp_debug": false,
"smtp_embed_images": true,
"smtp_explicit_tls": null,
"smtp_from": "**********************",
"smtp_from_name": "***********",
"smtp_host": "*************",
"smtp_password": null,
"smtp_port": 25,
"smtp_security": "off",
"smtp_ssl": null,
"smtp_timeout": 15,
"smtp_username": null,
"sso_allow_unknown_email_verification": false,
"sso_audience_trusted": null,
"sso_auth_only_not_session": false,
"sso_authority": "",
"sso_authorize_extra_params": "",
"sso_callback_path": "*****://*********************************************",
"sso_client_cache_expiration": 0,
"sso_client_id": "",
"sso_client_secret": "***",
"sso_debug_tokens": false,
"sso_enabled": false,
"sso_master_password_policy": null,
"sso_only": false,
"sso_pkce": true,
"sso_scopes": "email profile",
"sso_signups_match_email": true,
"templates_folder": "data/templates",
"tmp_folder": "data/tmp",
"trash_auto_delete_days": null,
"trash_purge_schedule": "0 5 0 * * *",
"use_sendmail": false,
"use_syslog": false,
"user_attachment_limit": null,
"user_send_limit": null,
"web_vault_enabled": true,
"web_vault_folder": "web-vault/",
"yubico_client_id": null,
"yubico_secret_key": null,
"yubico_server": null
}Vaultwarden Build Version
v1.35.4
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
nginx 1.24.0
Host/Server Operating System
Linux
Operating System Version
Ubuntu 24.04
Clients
Browser Extension
Client Version
Firefox 148.0.2
Steps To Reproduce
- Go to the extension (must be locked after a login)
- Enter master password
- Click on "Unlock"
Expected Result
Extension correctly unlocks and shows the logins list.
Actual Result
Extension shows "Invalid master password error" red popup.
Logs
No logs generated on the Vaultwarden container itself.
From the extension I get:
[MasterPasswordLockComponent] Failed to unlock via master password Error: Master password unlock data was not found for the user [redacted uuid]
unlockWithMasterPassword default-master-password-unlock.service.ts:30
o main.js:494
invoke zone.js:398
onInvoke ng_zone.ts:476
invoke zone.js:397
run zone.js:113
I zone.js:2537
invokeTask zone.js:431
onInvokeTask ng_zone.ts:453
invokeTask zone.js:430
runTask zone.js:161
y zone.js:612
promise callback*d zone.js:588
g zone.js:599
scheduleTask zone.js:420
onScheduleTask zone.js:273
scheduleTask zone.js:411
scheduleTask zone.js:207
scheduleMicroTask zone.js:227
I zone.js:2527
A zone.js:2461
S zone.js:2369
k zone.js:2385
getStore browser-local-storage.service.ts:62
console-log.service.ts:51:17
write console-log.service.ts:51
error console-log.service.ts:28
unlockViaMasterPassword master-password-lock.component.ts:138
a main.js:173
invoke zone.js:398
onInvoke ng_zone.ts:476
invoke zone.js:397
run zone.js:113
I zone.js:2537
invokeTask zone.js:431
onInvokeTask ng_zone.ts:453
invokeTask zone.js:430
runTask zone.js:161
y zone.js:612
(Async: promise callback)
d zone.js:588
g zone.js:599
scheduleTask zone.js:420
onScheduleTask zone.js:273
scheduleTask zone.js:411
scheduleTask zone.js:207
scheduleMicroTask zone.js:227
I zone.js:2527
A zone.js:2461
S zone.js:2369
k zone.js:2385
getStore browser-local-storage.service.ts:62
Screenshots or Videos
Additional Context
This only breaks on the extension when it's locked. Sign in via web UI works with no issue.
Clicking "Log out" and then logging back in to the extension also works.