Password Managers' Secret Flaws Exposed
17 Feb
Summary
- Researchers found serious security vulnerabilities in popular password managers.
- Attacks allowed access to and manipulation of stored passwords.
- Complex code architectures may increase security risks.

Popular password managers, including Bitwarden, LastPass, and Dashlane, have been found to contain serious security vulnerabilities. Swiss security researchers demonstrated a range of attacks that could lead to the compromise of user vaults, enabling unauthorized access to and even alteration of stored passwords. These findings were shared with the companies before public disclosure, allowing them time to address the flaws.
The researchers identified complex code architectures within these managers, likely a consequence of features designed for enhanced user experience, such as password recovery and family sharing. However, this complexity appears to have increased the potential attack surface.
The successful exploits did not require extensive computing power, relying instead on simple program interactions that mimic routine user activities. All three affected companies responded to the vulnerability disclosures, though their speed in implementing fixes varied.




