We have a number of PASSBOLT installations all separated for security and legal reasons. Since the recent PASSBOLT EXTENSION 3.0.0 update we suddenly had 6 of these installations go haywire. User area was completely blank.
We have now been able to fix 3 of the servers with the automated data cleansing CAKE routine:
/var/www/passbolt/bin/cake passbolt cleanup
Another 2 were fixed by diving into the database and fixing a couple of unusual records.
Last one, we are stuck. Cannot find the database record error causing user information problems.
This issue has sent TERRIFYING SHOCKWAVES through our teams and management who all now suddenly realize no matter how earnestly and diligently we backup, archive and gingerly update our PASSBOLT servers…
A SINGLE PASSBOLT EXTENSION LOSS, UPDATE, MAJOR UPDATE OR EVEN MINOR CHANGE WILL BE AUTOMATICALLY PUSHED OUT TO ALL BROWSERS WITH ZERO END-USER CONTROL AND NO OPTIONS FOR ROLLBACK!
This has the potential to completely lock everyone out of access to our entire password databases!
In the current Extension 3.0.0 update case we were only locked out of user management - unable to add, edit, remove users for about 5 days. Next time it could be SIGNIFICANTLY WORSE!
This major issue has quickly escalated to a DEAL BREAKER for us to continue using PASSBOLT. We are now looking into any way to BLOCK browser extension updates at the firewall/signature level. If we cannot solve this and prevent PASSBOLT from auto-updating the browser extension…
this may be the END of PASSBOLT for us.