6/20/2023 0 Comments Firefox bitwarden![]() Bitwarden has decided to retain its iframe functionality but agreed to exclude the hosting environments the cyber security firm discussed. To encourage Bitwarden to tighten its security, Flashpoint explained various attack vectors that hackers could use to steal information. If there’s a malicious iframe embedded on a site, it’s safe to assume that data has already been compromised even without Bitwarden’s inputs.īitwarden doesn’t autofill login credentials without users’ consent. Users should be able to log in to all websites, even those with embedded iframes. These are the reasons for not addressing it: The document describes the iframe issue and why the company decided not to fix it. That meant the company was aware of the problem. In response, Bitwarden sent a Security Assessment Report dated Nov. The good news is that Flashpoint hasn’t found many websites that place iframes on their login page.Īfter discovering the security flaw, Flashpoint notified Bitwarden. It is essentially serving login credentials to hackers on a silver platter. That is why Bitwarden’s auto-fill feature for iframes is problematic. They can place a login form in the iframe, wait for inputs, and send the data to a remote router. Unfortunately, hackers can also use them to steal sensitive information. They are usually for advertisements, interactive content, and embedded videos. Why is that dangerous? Inline frames, or iframes, host third-party content on a parent page. The password manager’s browser extension auto-fills all forms, including those within an iframe. Why Is Bitwarden’s Iframe Flaw Dangerous?Ĭyber security firm Flashpoint recently discovered something unusual about Bitwarden. That way, you can take the necessary steps to secure your login credentials and other private data. If your company uses Bitwarden, here’s everything you need to know about the issue. The company has known about the vulnerability for years but left the issue unaddressed. Bitwarden is under scrutiny because its autofill feature gives hackers easy access to sensitive information. However, a popular password manager recently made headlines for its major security flaw. The purpose of password managers is to safeguard our login credentials and online accounts.
0 Comments
Leave a Reply. |