Vaultwarden update (security!) (github.com)
from megaman@discuss.tchncs.de to selfhosted@lemmy.world on 12 Apr 09:15
https://discuss.tchncs.de/post/58330397

Vaultwarden update out as of ~15 minutes ago, includes security updates.

It says “unconfirmed owner can purge entire organization vault”. That seems probably not great, so updating is probably a good idea.

#selfhosted


barkingspiders@infosec.pub on 12 Apr 09:51

Keep 'em frosty, people.

TVA@thebrainbin.org on 12 Apr 15:34

Updated mine, but, realistically, I don't think most of us are directly exposing our VaultWarden instances to the internet ... I can't imagine I'm all that weird by only exposing it over VPN for remote use.

TrumpetX@programming.dev on 12 Apr 18:19

Isn’t that their point, though? Remote synchronizing?

mpramann@discuss.tchncs.de on 12 Apr 23:14

That’s why most use a VPN.

TrumpetX@programming.dev on 13 Apr 05:15

I understand why some would do this. It’s definitely a more secure setup, but I highly doubt “most”. I like having passwords on my work laptop. I couldn’t sync there with a VPN, for example. My wife, kids and parents aren’t going to run VPNs on their phones, etc.

mpramann@discuss.tchncs.de on 13 Apr 09:56

Vaultwarden is specifically used for self-hosting. Setting up a Wireguard VPN on your server at home can be tricky in specific instances. Most of the time it’s dead simple though. Installing a Wireguard client on your mobile devices is as simple as scanning a QR code. And to be fair: if you’re going to expose the Vaultwarden instance to the internet, why not just use the official Bitwarden service then? I’m sure they can handle security better than someone who has trouble setting up a VPN server.

oyzmo@lemmy.world on 12 Apr 20:24

True! Good and relatively safe on my Tailscale network. The only thing I'm brave enough to expose to the big and scary internet/botnet is my little Pi running Headscale, and I’ve put that on a separate network.

MCHEVA4EVA@lemmy.world on 12 Apr 21:42

I have it exposed with 2FA; it seems fairly safe.