Issues with searching and updating passwords

Good day!

We have been using Passbolt CE 5.9.0 installed on Ubuntu 24.04.3 LTS for about six months. The first few months everything worked perfectly, but recently we’ve encountered several interesting and unusual issues:

1. Unable to update existing passwords through the browser. This functionality worked excellently before, but at some point, updating passwords started showing an infinite loading spinner. Notably, any password updates successfully through the mobile app without any issues. Additionally, I noticed that if using a very simple password (for example, “qwe”), it will update in the browser after the confirmation dialog appears. However, if using a more complex password (for example, one generated by the built-in generator with a length of around 15 characters), after clicking the save button, there’s an infinite loading spinner, and upon page refresh, the password remains unchanged.

2. Password search broken in the mobile app. This issue appeared around the same time as the first problem. The situation is very similar: searching by entry name doesn’t work at all in the mobile app, but in the browser, the same search query returns the required password instantly.

Please help with resolving these issues. I’m ready to provide any necessary information.

Thank you for your report.

Regarding the point 1. The only functional difference between using a short password and a generated password is that, when the password is considered strong enough, Passbolt will call the Have I Been Pwned (Pwned Passwords) service to check whether it appears in known breaches. If that request stalls, it could explain the behaviour you’re seeing.

Do you remember roughly when this started, and whether anything changed around that time (proxy/firewall/DNS filtering, corporate policies, or a newly installed browser extension/security tool)?

To collect more details, could you please open the Passbolt extension Console and the Network tabs, reproduce the issue, then copy/paste here any errors and the failing request (if any)?

Firefox: open the Browser console with Ctrl + Shift + J (Windows/Linux) or Cmd + Shift + J (macOS).

Chrome: open chrome://extensions, enable “Developer mode”, find Passbolt, then click “service worker”.

Thank you for your response!

When I mentioned the generated password, I was using it as an example of a “complex” one. If I manually create a similar password myself, I encounter the same issues with infinite loading. That is, even using a password like P455w0RD!!! causes the system to get stuck in an endless saving process.

When this issue began, literally nothing had changed—absolutely nothing. It just started on its own.

Additionally, here are my latest observations and information about our server:

The problem was temporarily resolved when I removed individual administrator accounts from the access permissions for all passwords. Initially, since deployment, each technician used a separate account, but now we are all using a single shared account. However, for completely unclear reasons, the issues have reappeared—the server didn’t function properly for even a week. I initially suspected the problem lay in the encryption process: many characters in the password, numerous access rights assigned to a single password entry, and so on. But apparently that’s not the case. Also, our server has approximately 180 users in total, and each user has been manually granted access to their respective password.

Here is the information you requested from me:

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (uu)

• contentScripts/js/dist/vendors.js:2 (vu)

• contentScripts/js/dist/vendors.js:2 (hu)

• contentScripts/js/dist/vendors.js:2 (gu)

• contentScripts/js/dist/vendors.js:2 (hu)

• contentScripts/js/dist/vendors.js:2 (gu)

• contentScripts/js/dist/vendors.js:2 (hu)

• contentScripts/js/dist/vendors.js:2 (анонимные функции)

• contentScripts/js/dist/vendors.js:2 (ks)

• contentScripts/js/dist/vendors.js:2 (us)

• contentScripts/js/dist/vendors.js:2 (Ba)

• contentScripts/js/dist/vendors.js:2 (ts)

• contentScripts/js/dist/vendors.js:2 (enqueueSetState)

• contentScripts/js/dist/vendors.js:2 (v.setState)

• contentScripts/js/dist/app.js:2 (getUserSettings)

Unchecked runtime.lastError: The page keeping the extension port is moved into back/forward cache, so the message channel is closed.

Potential permissions policy violation: clipboard-write is not allowed in this document.

Error: The url does not match the pattern.

Error: Cannot parse setup url. The url does not match the pattern.

Error: Cannot parse account recovery url. The url does not match the pattern.

Potential permissions policy violation: clipboard-write is not allowed in this document.

Hello.
I’m experiencing the same issue (CE 5.9.0, server on Ubuntu 22, clients on Windows 10–11, Chrome browser).
Through testing I’ve identified the following behavior:

• Creating or editing a password does not hang if its length is 9 characters or fewer.

• Creating or editing a longer password sometimes completes successfully after about 5–10 minutes, but other times it never finishes at all. I haven’t noticed any clear pattern yet.

I also ran into this problem in Chrome. at first, passbolt was installed on ubuntu, I thought because of the upgrade to version 5.9. therefore, I migrated to docker and the error is the same:

• weak passwords are added immediately
• passwords with 6+ characters take a long time to load. Sometimes it adds it, but it often freezes.
• mozilla adds normally, but sometimes freezes also occur.