Chromium 110 (Brave, Chrome, Edge) extension webauthn issue

After updating the number of iterations for the PBKDF2 to 200000 from the web vault, I get a “NotAllowedError: WebAuthn is not supported on sites with TLS certificate errors” error from the Edge extension when trying to log in using a YubiKey. Oddly, only Edge has this issue. Firefox and Chrome both work just fine.

Hey @waf I haven’t bumped into that one yet but feel free to contact the support team at https://bitwarden.com/contact/ or drop a bug report on Github for review: Issues · bitwarden/clients · GitHub

FWIW I just made this change myself, was signed out of the web-vault and the MS Edge extension.
Once signed back in to the Edge extension was required for 2FA with my Yubikey 5C and was promptly logged in to my vault.

Can you verify that your browser and extension are up to date?

Yep, browser and extension are both up to date. I’m using the Edge dev channel (v110.0.1587.1) and I also removed and re-installed the extension directly from the Bitwarden site and the MSFT and Chrome store.

I’m running into this same issue as of today on Brave browser, my browser and extension are both also up-to-date. I attempted a reinstall of the extension but this did not make a difference. Did anyone find a solution for this issue yet?

same here today on Brave browser 1.48.158 (says latest) with Bw extension 2023.1.0
(was working fine for past weeks)

Edge is OK and works fine with WebAuthn

tested on old laptop with previous version of Brave and works OK 1.47.186

“not allowed error: webauthn is not supported on site with TLS certificate errors”

I’ve posted on the Brave boards as it seems OK in the previous Brave build

I was able to work around it by using a different form of MFA (e.g. Google Authenticator/Authy)

Hi… thanks, yes, that’s how I logged in for now, hopefully Brave will fix it soon.
I prefer everything logs out and prompts 2FA at each launch, the YubiKey Bio makes this quick and seamless (2FA codes are a pain in the ass… and I would usually opt to “don’t ask again” as I can’t be bothered with apps/codes unless required.

But at least for now it’s a workaround)

Same issue occurred in Chrome 110.0.5481.78 (chrome extension)

Hi, this has happened to me on both Edge and Firefox.
Edge version - Edge Version 110.0.1587.41
I removed and reinstalled the Bitwarden extension but this did not fix it.
Moving over to Firefox had the same issues

Do we know if the reported fix from a few days ago has been rolled out?

My extension still shows 2023.1.0; forcing an update shows nothing newer… So no, the Bitwarden team hasn’t fixed it yet

Yep, I’m experiencing this issue as well. Sadly I’m using only Yubikeys and WebAuthn. Somewhat stuck if I don’t add additional MFA methods

Yeah, luckily I’m using TOTP as backup so can still get in using that for now

P.S. your web vault & desktop app should still work fine, so you could log in and set up TOTP temporarily until they fix this (I’d have thought it would have been fixed by now, but seems low on their priority list)

Same issue occurring here. No changes made to any settings. When I sign in to the Edge extension it immediately errors with “An error has occurred. NotAllowedError: WebAuthn is not supported on sites with TLS certificate errors”.

I can log on via the web fine with the same FIDO2 key.

Edge is 110.0.1587.41 (Official build) (64-bit)
Bitwarden Edge extensions in 2023.1.0

Also happening in Chrome browser 110.0.5481.77 (Official Build) (64-bit)
Bitwarden Edge extensions in 2023.1.0

Machine has been restarted

Thanks

Looks as if it is a consequence of:

https://lists.w3.org/Archives/Public/public-webauthn/2022Nov/0135.html

Maybe implies a TLS certificate problem with bitwarden.com as FIDO2 auth works with other sites.

It certainly is a consequence of that.

Because I just started Google Chrome with --disable-features=DisableWebAuthnWithBrokenCerts and then WebAuthn on the extension works again

Just coming here to check because I have noticed this in the past few days, probably happened over the weekend on two copies of Chrome. Both up to date, on up to date computers running Windows 10 (Iobit’s Advanced System Care keeps them updated regularly). Fails with a Security Key by Yubico and a Yubikey 5. Also fails at work on Microsoft’s Edge “browser” (think it is called Edge) with both keys.

One workaround is to use an old Yubikey 4 which works fine, presumably because it is not using FIDO2.

Glad that I left various other ways of accessing my passwords enabled. I had to use TOTP once when I was at work and didn’t have a Yubikey 4 with me.

I also have email turned on, but that is via a Gmail account which has their Advanced Protection turned on and is not used too often, so I’m not concerned about that.

Presumably the Yubikey 5 fails because it is set up to use FIDO2 in preference. Not bothered to turn that off to check it.

Thanks for your patience all, the team is working on this one: [PS-2176] Open WebAuthn Prompt in New Tab for all browser extensions by justindbaur · Pull Request #4695 · bitwarden/clients · GitHub

Chromium: 110.0.5481.77 (Official Build) (64-bit)

Windows 10 x64 enterprise (22H2), Ubuntu 22.04

The newly released version of Chrome has broken WebAuthn for the Bitwarden add-in.
Gives the error:
“not allowed error: webauthn is not supported on site with TLS certificate errors”

Works if start Chrome with the flag:
--disable-features=DisableWebAuthnWithBrokenCerts