I help manage my Dad’s Bitwarden and on a Case IH equipment site, sso.cc.cnh.com is the address, when the login info is entered on his computer, a page comes up saying potentially dangerous request.form value was detected from client along with a bunch of other stuff. He has logged into this site in the past without any issues.
When I use my computer to login to this same site, I don’t have any issues. Since I can login on my computer just fine, I am thinking it has to do with a setting on his computer. If it is his computer, any idea what setting it could be?
Not sure why I didn’t think of this sooner but he uses Chrome browser and I use Firefox. So on my computer, I tried Chrome and it gave me the same message. What setting would be causing this in Chrome? Under Chrome security settings on my PC, browsing is set to standard protection, also tried that with no protection and the same message came up. On my PC, in Firefox settings, I have browsing protection set to strict. Or is this something that this website is incompatible with Chrome and nothing can be done on my end until there is an update that fixes this?
Something else I am confused about. In the Bitwarden entry for this site, sso.cc.cnh.com is the website that I have entered. On my PC, when I copy that website to open up in Chrome, it says website not found. Firefox is my default browser. When I go to edit the login, Sign In That is what is shown for the website. When I copy that into Chrome, the website in the address bar shows https://myaccount.caseih.com/ and that dangerous request message appears.
I cannot reproduce this in Chrome. When I autofill the login form and click Login, I only get the error message “Incorrect user ID or password. Type the correct user ID and password, and try again” (since I’m using fake credentials for testing). At what point in the autofill process does the “potentially dangerous request.form value” appear?
The URL https://myaccount.caseih.com/ redirects to:
where XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX is a random 32-character string that is different every time you log in. The website https://sso.cc.cnh.com will not respond unless it is provided with a valid 32-character code. Thus, if you want to use Bitwarden’s “launch” function to open the website, you should store https://myaccount.caseih.com/ as the first website (URI), and https://sso.cc.cnh.com/ as the second website (URI).
After I enter the login details and click login while in Chrome. Assuming you can’t reproduce this since you don’t actually have an account there.
Thought this was kind of interesting, after I put in login details and clicked login, that dangerous request form page appeared. Without leaving that page, I copied and pasted https://myaccount.caseih.com/ into the address bar and it brought me to the account page and was logged in.
About adding two websites to the Bitwarden entry, without changing anything yet, currently have https://sso.cc.cnh.com as the website and it does bring up the website login page using the Bitwarden launch button.
So I added both websites to the Bitwarden entry, my account as the first one and sso as the second one. When I click the launch button in Bitwarden for the sso website, it instantly opens up the page about dangerous request. This is on my computer so when I use the launch button, it opens in a Firefox page. This is so confusing, when I first noticed this issue, using launch button for sso would open up the login page. But now it instantly opens up the bad page. On the dangerous request page, it shows https://myaccount.caseih.com/ in the address bar.
If I just use the launch button for https://myaccount.caseih.com/, it brings up the login page and am able to login.
So it seems I don’t need to add the second website, https://sso.cc.cnh.com to the Bitwarden entry. Only needs the https://myaccount.caseih.com/ website. I was able to login fine in both Firefox and Chrome using the https://myaccount.caseih.com/ site.
Guessing the issue was with https://sso.cc.cnh.com address copied and added to the Bitwarden entry, that 32 digit string was always the same unless it did change to a different string once in the address bar.
Did you check this in the View Login screen or in the Edit Login screen? Unless you’re in the Edit Login view, Bitwarden will truncate all path information from the Website URL after the domain name. I suspect that you were looking in the View Login view, and that you will see the path with the 32-character code if you click Edit.
I suspect that the “dangerous request.form” warning may be related to the use of an expired 32-digit code in the URL (e.g., an old code that was saved by Bitwarden in the login item).
The only other explanation I can think of is that your account password may contain some special characters that make the password appear to be an SQL injection attack.
I’m surprised that Bitwarden is still able to match the login item to this page, since myaccount.caseih.com automatically redirects to sso.cc.cnh.com (a completely different domain) — at least, it did so in my tests. Does the browser URL remain at myaccount.caseih.com when you log in?
So when I use the Bitwarden launcher button that shows myaccount.caseih.com on both view login and edit login, the browser url is shown as the sso url with the 32 character string. Once I login, the browser url shows myaccount.caseih.com
What method do you use for transferring your stored login credentials from your vault into the login form? Do you not use autofill (e.g., do you just manually copy and paste the username and password)?
You mentioned using browsers (Chrome or Firefox), but you did not specify whether you are using the Web Vault or the browser extension. Would you mind clarifying?
If you use the browser extension, after you’ve been redirected to the login form on the sso.cc.cnh.com domain, does your Bitwarden browser extension icon (next to the browser address bar) show a badge with a number (e.g., “1”, as shown in the screenshot below)?
I was just copy and pasting login info from the desktop app since I was dealing with different browsers.
On Firefox, where I use the extension, with just myaccount.caseih.com website added to the login entry, the extension did not recognize the site, extension icon did not have a number, therefore it did not autofill. Once I added the sso.cc.cnh.com as a second website in the login entry, the extension does show a 1 on it and it does autofill. Didn’t realize that is why you said to add both websites.