fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
orbisai0security 2026-04-30 02:47:08 +00:00
parent 14258caec9
commit ccb8d12628


@ -1238,7 +1238,10 @@ fn validate_config(cfg: &ConfigItems, on_update: bool) -> Result<(), Error> {
err!(format!("The configured Argon2 PHC in `ADMIN_TOKEN` is invalid: '{e}'"))
}
}
Some(_) => {
Some(t) => {
if t.trim().len() < 20 {
err!("`ADMIN_TOKEN` is too short. Please use a token with at least 20 characters, or use an Argon2 PHC string.");
}
println!(
"[NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.\n\
Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.\n\
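Review bot: The new guard `if t.trim().len() < 20` in the `Some(t)` arm counts UTF-8 bytes, while the error message promises "at least 20 characters", so a shorter token made of multi-byte characters passes; `if t.trim().chars().count() < 20` would match the message. The arm also now rejects an empty or whitespace-only `ADMIN_TOKEN`, which the old `Some(_)` arm accepted with only the notice. If the rest of the code treats that value as "admin page disabled" (not visible here), a working configuration becomes a hard error, and the guard should skip it, e.g. `if !t.trim().is_empty() && t.trim().chars().count() < 20`. Length is only a weak proxy for guessability (twenty repeated characters pass), so the message could also ask for a randomly generated value. `validate_config` starts and ends outside this hunk, so how the trimmed length relates to the value actually compared at login should be confirmed there.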