From ccb8d1262846259f4e52d3cb103074603ebbfb17 Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Thu, 30 Apr 2026 02:47:08 +0000
Subject: [PATCH] fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
---
 src/config.rs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/config.rs b/src/config.rs
index ae995f69..87b6b511 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1238,7 +1238,10 @@ fn validate_config(cfg: &ConfigItems, on_update: bool) -> Result<(), Error> {
 err!(format!("The configured Argon2 PHC in `ADMIN_TOKEN` is invalid: '{e}'"))
 }
 }
- Some(_) => {
+ Some(t) => {
+ if t.trim().len() < 20 {
+ err!("`ADMIN_TOKEN` is too short. Please use a token with at least 20 characters, or use an Argon2 PHC string.");
+ }
 println!(
 "[NOTICE] You are using a plain text `ADMIN_TOKEN` which is insecure.\n\
 Please generate a secure Argon2 PHC string by using `vaultwarden hash` or `argon2`.\n\
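Review bot: The new length check in the `Some(t)` arm also rejects an empty or whitespace-only `ADMIN_TOKEN`, because `t.trim().len()` is 0 there; if an empty value is how the admin page is left disabled in this project (the rest of the `match` and of `validate_config` lies outside the hunk, so this is unconfirmed), such configurations now fail validation. The check also counts bytes while the message promises characters, and a length floor says nothing about entropy, so a 20-character repeated string still passes. I would write the guard as `let token = t.trim();` followed by `if !token.is_empty() && token.chars().count() < 20 {`, with a comment such as `// Length floor only; this does not measure entropy.` above it. Since a previously accepted plain-text token shorter than 20 characters is now a hard error from `validate_config`, the behaviour change deserves a changelog entry, and the commit message should say what "V-001" refers to.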