Syncthing suddenly started requiring a password

Issue: Syncthing suddenly started requiring a password, despite never setting one initially. This occurred on a fresh installation that was only installed 10 days ago. I opened without problems the page at https://127.0.0.1:8384/# for several days prior to today.

My friend, who also installed Syncthing 10 days ago, has encountered the same issue (we share folders via Syncthing).

System Info:

  • Version: v1.28.1 “Gold Grasshopper”
  • Build: go1.23.3 windows-amd64
  • Build date: 2024-11-24 21:55:12 UTC
  • OS: Windows 11 (my PC)/ 10 (my friend PC)

Workaround Applied: We resolved the issue by:

  1. Navigating to C:\Users\user\AppData\Local\Syncthing\config.xml
  2. Locating the section
  3. Removing the content of the user and password fields (kept API key intact)

I saw this thread Authentication required? · Issue #9204 · syncthing/syncthing · GitHub mentioning that this problem could be related to an update, but that is not the case as the installation was already on v1.28.1, based on the log in C:\Users\user\AppData\Local\Syncthing\syncthing.log (as asked by acolomb, I didn’t comment there but created a thread here instead).

Do you also share a third friend who might open Syncthing on your computers and set a password to tease you about leaving it open?

That would have been a good joke but unfortunately there is no third friend involved.

Then I have no explanation.

I’ve spent a lot of my career in cybersecurity, including incident response. I would be looking very closely for signs that the devices in question have been compromised. And I would start with whatever your device and your friend’s device have in common that aren’t Syncthing.

For the sake of clarity: I have no reason to suspect that Syncthing itself is a source of compromise.

1 Like

As far as I know the default behaviour is to not use user and password as we bind to localhost. When binding on a public IP instead of localhost the user gets a warning it must set a username and password. But things never happen by itself, especially when user input is needed like setting username or password.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.