ERROR: Logged in /identity/Identity/log.txt:
2020-11-17 07:48:22.411 +00:00 [WRN] Failed login attempt. ::ffff:172.23.0.4
2020-11-17 08:08:20.431 +00:00 [WRN] Failed login attempt. ::ffff:172.23.0.4
2020-11-17 09:29:37.018 +00:00 [WRN] Failed login attempt. ::ffff:172.23.0.4
2020-11-17 14:55:34.488 +00:00 [WRN] Failed login attempt. ::ffff:172.23.0.4
WHEN: After updating to latest release (server 1.38.0, v1.38.1, v1.38.2 and v1.38.4, web 2.17.0 v2.17.1).
CULPRIT: IP traced back to _bitwarden-api_ container.
RE-PRODUCE: user EDIT any BW entry (in app, webinterface or browser extension) and SAVE - Voila' an error is logged within ./Identity/log.txt.
MAYBE: Can't help but think that some of the changes in src/Api/Controllers/AccountsController.cs are to blame.
INFO: BW containers have been rock solid for the last two months - Only logging a few "real" malicious log-in attempts.
Try with server 1.38.1 ?
Try with server 1.38.1 ?
Yeah I did that and still the same.
2020-11-19 21:02:37.025 +00:00 [WRN] Failed login attempt. ::ffff:172.21.0.5
Don't mind that the IP is different it's still the _bitwarden-api_ container (IP changed due to update/restart)
Reproduced, after having migrated from 1.37.2 to 1.38.1.
As soon as we add, modify or delete an entry, through the web portal, desktop application, browser extensions... the following triggers in bwdata/logs/identity/Identity/log.txt :
2020-11-27 15:46:10.359 +06:00 [Warning] Failed login attempt. ::ffff:172.21.0.2
2020-11-27 15:46:17.991 +06:00 [Warning] Failed login attempt. ::ffff:172.21.0.2
2020-11-27 15:46:59.490 +06:00 [Warning] Failed login attempt. ::ffff:172.21.0.2
2020-11-27 15:47:05.092 +06:00 [Warning] Failed login attempt. ::ffff:172.21.0.2
updated to web v2.17.1 (server still at v1.38.1)
2020-12-03 08:35:09.793 +00:00 [WRN] Failed login attempt. ::ffff:172.21.0.2
1.38.4 still suffers from this issue.
==> bwdata/logs/identity/Identity/log.txt <==
2020-12-24 14:51:49.411 +00:00 [Warning] Failed login attempt. ::ffff:172.19.0.4
==> /var/log/fail2ban.log <==
2020-12-24 14:51:49,628 fail2ban.filter [888]: INFO [bitwarden] Found 172.19.0.4 - 2020-12-24 14:51:49
1.38.4still suffers from this issue.==> bwdata/logs/identity/Identity/log.txt <== 2020-12-24 14:51:49.411 +00:00 [Warning] Failed login attempt. ::ffff:172.19.0.4 ==> /var/log/fail2ban.log <== 2020-12-24 14:51:49,628 fail2ban.filter [888]: INFO [bitwarden] Found 172.19.0.4 - 2020-12-24 14:51:49
Exactly the reason I posted this in the first place. I've now set f2b to ignore subnet 172.16.0.0/12 until a fix is posted :-)
@cscharf may we perhaps bring this issue to your attention ?
May in addition reveal an internal misbehavior.
Many thanks for your support 馃憤
Thanks, I was able to reproduce this; followed in the logs by an error, { error = invalid_grant }. Will tee this up for our dev team.
Really glad, many thanks to you @cscharf and to the dev team 馃憤
Really glad, many thanks to you @cscharf and to the dev team 馃憤
Finally 馃檪
Most helpful comment
Thanks, I was able to reproduce this; followed in the logs by an error,
{ error = invalid_grant }. Will tee this up for our dev team.