Feature Request
Please change vault search so that Secure Note contents are not used for search matching when the item has Master Password Re-Prompt enabled, unless the user has already completed the re-prompt.
Description
In the browser extension and macOS app, a Secure Note item with Master Password Re-Prompt enabled can still appear in search results if I search for text inside the note body.
Example: if the Secure Note body contains 123, searching 123 shows the item title in the search results, even though I have not entered the re-prompt.
I tested iOS too, and iOS does not seem to have this issue.
Steps To Reproduce
- Unlock Bitwarden.
- Create a Secure Note item.
- Add a test value in the note body, for example
123. - Enable Master Password Re-Prompt for the item.
- Save it.
- Do not open the item or enter the re-prompt.
- Search for
123.
Expected Result
The protected item should not appear in search results just because the search query matches content inside the Secure Note body.
Actual Result
The item title appears in search results before Master Password Re-Prompt is completed.
Why this matters
For short values like a CVV, someone with access to an unlocked vault could try 000 to 999 in search and see which value returns the item.