Hello, I have just installed on a CentOS 9 Stream server. Everything went smoothly right up to the point of the first user having to enter a passphrase. It will not get past the “it is not part of an exposed data breach” no matter what I put in for a passphrase (random characters, etc.). This is an offline server, so my question is - Is the passphrase lookup an online need, and if so can we disable it? This server will never be put on the internet. So I need a way to work around this if possible.
Hi @tgoble and welcome to the passbolt community forum!
While choosing a new passphrase, there is an API call to https://haveibeenpwned.com/ to check if the passphrase is not part of a breach. This is not done from the passbolt server itself but from the browser extension (your computer).
When you are trying to set up the passphrase, do you yourself have internet access, or are you in a closed environment?
We are aware of this and a fix will be shipped in the next browser extension release.
With best regards,
The client is also in the closed environment. May I ask if there is an ETA on the extension release?
Just to note, in a closed environment it is a bit of work to get the plugin to work for Edge/Chrome, as they pretty much require the store. I had to download it for offline use (which takes a bit of work), extract it and use Edge/Chrome in dev mode for extensions. It works, but it is just a bit of a process.
We don’t have any ETA for the next extension release, unfortunately, but rest assured I will inform you when it is out.
If you want to download the browser extensions for Chrome (Edge uses the Chrome extension) and Firefox, you can download them directly from our GitHub repo, but they are not signed by the Chrome or Firefox stores.
If you do this, take care to choose the correct tag:
Maybe you would be interested in this tutorial about how to self-host a local HaveIBeenPwned API: How to create an offline self-hosted haveibeenpwned API service
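The breach lookup discussed in this thread, sketched as an added example that is not part of the original posts and is not passbolt's or the tutorial's code. It assumes the Pwned Passwords range format (the client sends the first five hex characters of the SHA-1 digest and receives `SUFFIX:COUNT` lines); the function names and the sample corpus are constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed sample corpus standing in for a downloaded breach hash list.
BREACHED = {"password": 5, "letmein": 3, "correct horse": 1}

def sha1_hex(passphrase):
    return hashlib.sha1(passphrase.encode("utf-8")).hexdigest().upper()

def build_index(corpus):
    """Service side: group 35-character hash suffixes by 5-character prefix."""
    index = defaultdict(dict)
    for passphrase, count in corpus.items():
        digest = sha1_hex(passphrase)
        index[digest[:5]][digest[5:]] = count
    return index

def range_response(index, prefix):
    """Service side: body for a range query, one 'SUFFIX:COUNT' per line."""
    if len(prefix) != 5 or any(c not in "0123456789abcdefABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 hex characters")
    bucket = index.get(prefix.upper(), {})
    return "\r\n".join(f"{s}:{n}" for s, n in sorted(bucket.items()))

def breach_count(passphrase, fetch_range):
    """Client side: only the prefix leaves the client; the suffix is matched locally.

    Returns the breach count, 0 if absent, or None if the service is
    unreachable (the closed-environment case), so the caller can decide
    whether to block or allow instead of rejecting every passphrase.
    """
    digest = sha1_hex(passphrase)
    try:
        body = fetch_range(digest[:5])
    except OSError:
        return None
    for line in body.splitlines():
        suffix, _, count = line.partition(":")
        if suffix.strip().upper() == digest[5:]:
            return int(count)
    return 0

if __name__ == "__main__":
    idx = build_index(BREACHED)
    local = lambda prefix: range_response(idx, prefix)
    for candidate in ("password", "a-long-unbreached-passphrase-xyz"):
        print(candidate, "->", breach_count(candidate, local))
```

In a real deployment `fetch_range` would be an HTTP GET against the self-hosted service; here it is a local function so the example runs offline.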