Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5
Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5
insinuator.net
Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5
Please update Vaultwarden as soon as possible if you did not do it yet.
The blog post contains an interesting tineline. Apparently, the first fix was not sufficient. So if you have updated Vaultwaren before November 18, update it again.
Copy of the timeline: