Do recognize BANK.IN and other Indian zones as TLD

Ask the Community Password Manager
, , ,
1

The Reserve Bank Of India (Equivalent to the Fed in the US) has implemented new URLs for all bank websites in India.

All banks are now migrated to a .bank.in domain.

So for example BankOfIndia.com now becomes BankOfIndia.bank.in

Bitwarden doesn’t recognize bank.in as a top level domain yet.

So I cant create custom domain rules in my Bitwarden account. Why? Because bitwarden thinks bankofindia.bank.in is a subdomain and Bitwarden only allows base domains in its Domain rules.

This is a huge problem. Lots of Indian customers have multiple bank accounts and hence multiple logins saved which need to be updated.

This issue is not just limited to newly introduced bank.in TLD. I face issues with other indian TLDs as well. I doubt Bitwarden recognizes that .in registry has following 45 TLDs now.

Legacy TLD
.in
.co.in
.com.in
.firm.in
.net.in
.org.in
.gen.in
.ind.in

Restricted TLD
.ernet.in 
.ac.in 
.edu.in 
.res.in 
.gov.in 
.mil.in
.bank.in

New TLD
.5g.in
.6g.in
.ai.in
.am.in
.bihar.in
.biz.in
.business.in
.ca.in
.cn.in
.com.in
.coop.in
.cs.in
.delhi.in
.dr.in
.er.in
.gujarat.in
.info.in
.int.in
.internet.in
.io.in
.me.in
.pg.in
.post.in
.pro.in
.travel.in
.tv.in
.uk.in
.up.in
.us.in

Regards

2

Hello and welcome to the forum!

Bitwarden does recognize “bank.in” as the top domain; the unusual “problem” is that all the banks will now be using subdomains of this top domain, which breaks the assumptions of setting “Base domain” as the default URL matching.

Without another feature request, you can:

  1. For each of the affected banks, fix the URLs to the proper login page URLs (as subdomains of the top domain “bank.in”) and

  2. For each URL, also change the URL matching rule (using the settings icon on the right of the field) to “Match detection: Host.” or

  3. Change your Settings > Autofill > Default URL match detection to “Host.” Unfortunately, some of the other entries may no longer match, which you will have to fix one by one. On the other hand, you can view this as an exercise to “harden” your Bitwarden configuration to reduce the possible attack surface based on subdomain URLs.

I tried this with bankofindia.bank.in and indianbank.bank.in; with the “Host” URL matching, each entry matches separately.

P.S.: I edited your post so the non-TLD parts are outside the “code” formatting to allow the lines to be wrapped properly.

1 Like
3

Recognizing it as a base domain and recognizing it as a Top level Domain are different things.
Currently in custom domain rules (in my bitwarden account),

I can set as a valid rule :
XYZ. com, XYZ.co.in

but I cant set:
XYZ. com, XYZ.bank.in

even though .co.in and .bank.in are both same kind of entities.I hope this clears things up. If Bitwarden regonizes it as a proper TLD, it will let me and other users create custom domain rules to solve the issue for all logins in a particular website. I manage bank accounts for all family and a few businesses.

1 Like
4

Understood, domain rules as in https://vault.bitwarden.com/#/settings/domain-rules.

I’ll wait for someone else to suggest how we can “properly” ask Bitwarden to implement recognition of those TLDs. It does seem like a “bug”, though.

1 Like
5

Definately not a bug, but a feature request. New TLDs pop up every year, but this one is particularly troublesome because Govt has forced all banks to change their domain all at once.

And these are banks we are talking about. The best way not to be phished is to look for exisiting available login for that domain. That is now broken.

1 Like
6

I agree that this should be a feature request, although it could be argued that it should be reported as a Github Issue, as well (since from a user’s perspective, they would just experience that URI matching and Domain Rules no longer work as expected, without necessarily understanding the reason).

1 Like
7

Hot issues on github also seem to be addressed more quickly than a “hot” feature request. I personally would try the bug track first. The fastest track may be an outside code contributor fixing the issue.

1 Like
8

I tried on github, not a developer. My thread was automatically closed.

Can anyone help me raise this issue in the correct way.

9

Yeah, don’t file it as a contribution proposal; try submitting it as a bug report, i.e., TLDs not behaving as TLDs (with the details you have mentioned). This won’t guarantee that the submission won’t be closed, but since bugs may be fixed in days, weeks, or months, it might be better than a feature request, which could take months or years. grb already mentioned this link above:

Oh yeah, you should also include steps that make this “bug” consistently “reproducible,” which should be easy in this case, perhaps by using the non-equivalent treatment in the domain rules page above.

10

Your thread was closed because you posted at https://github.com/orgs/bitwarden/discussions, not at https://github.com/bitwarden/clients/issues.

1 Like
11

@ShailendraMSM,

If the following bug isn’t yours, you may want to add all the domains you mentioned to the bug report to see if the issue will get noticed:

2 Likes
13

A PR to fix this issue was just merged, and should be available in an upcoming release:

1 Like
14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.