Vulnerability discovered in Bitwarden

One of the features of the popular password manager has a vulnerability that can allow credential theft when the autofill function is used.

Bitwarden is a password manager whose browser extension can automatically fill in passwords. The vulnerability was reported to Bitwarden by Flashpoint analysts. Although the autofill function is disabled by default, there are web pages on which this vulnerability can be exploited.

When a user visits a web page, the extension detects whether there are saved credentials for it and whether the current page is a login page. If so, the data is filled in automatically, for the user's convenience.

The problem arises when the page being visited has been compromised and the attackers have placed what is called an embedded iframe on it. This is a cloned page, invisible to the user, that also contains the username and password fields. When that information is entered, it is sent to the legitimate server and, at the same time, to the attackers' malicious server.
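The weak point described above is that the extension matches the saved credential against the page the user is visiting rather than against the frame that actually contains the login form. The following is an added example, not Bitwarden's code: a small autofill policy check, written as a pure function so it can run outside a browser, that compares the credential's origin, the top-level page origin and the form frame's origin before allowing a fill. The URLs and the `evil.example.net` domain in the sample scenarios are constructed for illustration.

```javascript
// Added example (not Bitwarden's code). A conservative autofill policy:
// fill only when the frame holding the login form has the same origin as the
// saved credential AND the same origin as the top-level page. This refuses the
// invisible cross-origin iframe described in the article while still allowing
// same-origin iframes.

function originOf(urlString) {
  // Reduce a URL to its origin (scheme + host + port); null if unparseable.
  try {
    return new URL(urlString).origin;
  } catch (e) {
    return null;
  }
}

function autofillDecision(savedUrl, topUrl, frameUrl) {
  const saved = originOf(savedUrl);
  const top = originOf(topUrl);
  const frame = originOf(frameUrl);

  if (saved === null || top === null || frame === null) {
    return { fill: false, reason: "unparseable URL" };
  }
  if (frame !== saved) {
    // The form lives on an origin other than the one the credential was saved
    // for: this is the attacker-hosted clone frame case.
    return { fill: false, reason: "form origin does not match saved credential" };
  }
  if (frame !== top) {
    // The legitimate login form is embedded inside a page from another origin.
    return { fill: false, reason: "form is inside a cross-origin iframe" };
  }
  return { fill: true, reason: "form frame matches credential and top-level page" };
}

// Constructed scenarios, returned as a map so they can be inspected or tested.
function sampleScenarios() {
  return {
    // Normal top-level login page.
    plainLogin: autofillDecision(
      "https://example.com/login",
      "https://example.com/login",
      "https://example.com/login"
    ),
    // Compromised page with an invisible attacker-hosted clone iframe.
    hiddenCloneFrame: autofillDecision(
      "https://example.com/login",
      "https://example.com/",
      "https://evil.example.net/clone"
    ),
    // Legitimate site that renders its sign-in form in a same-origin iframe.
    sameOriginFrame: autofillDecision(
      "https://example.com/login",
      "https://example.com/",
      "https://example.com/auth/frame"
    ),
    // Legitimate login form framed by an unrelated page.
    framedByOtherSite: autofillDecision(
      "https://example.com/login",
      "https://other.example.org/",
      "https://example.com/login"
    ),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(sampleScenarios());
}
```

The trade-off the article alludes to is visible here: a policy this strict also refuses to fill legitimate sign-in forms that a site serves from a different origin inside an iframe, which is why blanket blocking is not a drop-in fix.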

For its part, Bitwarden, in addition to keeping this function disabled by default, warns in its instruction manual of the risks that its use may involve. There is currently no short-term solution, since popular websites such as icloud.com use iframes (visible ones, in this case) on their sign-in page, according to Bitwarden.

Source: Bleeping Computer


Intec Cybersecurity