When running a report from the Reports page of the Bitwarden web vault, the relevant report will run and provide results
Possible false negative in certain scenarios.
When running a report from the Reports page of the Bitwarden web vault and the user opens the report in a new tab/window of their browser, the report will provide “Good News” and that there are no adverse findings of the report in all cases.
When opening the same report in the same tab/window from the reports page, the report will run properly.
STEPS TO REPRODUCE
- From the reports page of the web vault (Bitwarden Web Vault) in the user’s browser, right click on any report and open that report in a new tab.
- The user will most likely be prompted to re-login with their username and master password.
- Upon re-logging in (as required), the report will appear to run and report back that no issues have been found (e.g. “GOOD NEWS: No items in your vault have passwords that have been exposed in known data breaches”)
The user wants to run multiple reports and does so by opening each in a new tab from the Reports page of the web vault. The user may then be provided with false negative reports.
Bitwarden Premium - Personal
Web vault v. 2023.5.0
Chrome v. 114.0.5735.199 x64
Examples of this issue are provided below in respect of the Exposed Passwords report, Reused Passwords report and Weak Passwords report.
At the top of each screenshot shows the results of the report opened in a new tab/window (in my case, false negative), the bottom of each screenshot shows the same results when opening in the same tab/window from the Reports page of the web vault.