Flashpoint researchers said that this means the issue has been documented and public for more than four years.

Upon contacting Bitwarden, Flashpoint revealed, to its surprise, that the company knew about the issue as far back as November 2018. Bitwarden published a Security Assessment Report in which the issue, named BWN-01-001 by the password manager, was detailed. “If a user with a Bitwarden browser extension visits a specially crafted page hosted in these web services, an attacker is able to steal the credentials stored for the respective domain.” “In our research, we confirmed that a couple of major websites provide this exact environment,” said Flashpoint. The second is if an attacker hosts a web page under a subdomain. The first is if an uncompromised website embeds an external iframe, which an attacker controls, and enables the ‘Auto-fill on page load’ option.

However, it also found that default URI matching, which is how a browser extension knows when to auto-fill logins, combined with unsecured auto-fill behaviour, can lead to two possible attack vectors.
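The matching decision behind both vectors can be modelled in a few lines. The sketch below is an added example, not Bitwarden's code: the mode names, the `mayFillOnLoad` policy and the `example.com`/`example.net` hosts are hypothetical, and the base domain is approximated as the last two host labels where a real extension would consult the Public Suffix List.

```javascript
// Added example, not Bitwarden's code. Mode names are hypothetical labels.
// Assumption: the "base domain" is the last two labels of the host name.
// Real implementations consult the Public Suffix List instead.
function baseDomain(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Does a saved login URI match the URL of the document being filled?
function uriMatches(savedUri, targetUrl, mode) {
  const saved = new URL(savedUri);
  const target = new URL(targetUrl);
  switch (mode) {
    case "base-domain": // loose: any subdomain of the same site matches
      return baseDomain(saved.hostname) === baseDomain(target.hostname);
    case "host": // strict: host name and port must be identical
      return saved.host === target.host;
    default:
      throw new Error("unknown match mode: " + mode);
  }
}

// Hardened policy for filling on page load, with no user interaction.
// frame = { url, topUrl }: the frame's own URL and the top-level page URL.
function mayFillOnLoad(savedUri, frame, mode) {
  const sameOriginAsTop =
    new URL(frame.url).origin === new URL(frame.topUrl).origin;
  // Judge the frame by its own URL, never by the page that embeds it.
  return sameOriginAsTop && uriMatches(savedUri, frame.url, mode);
}

// Constructed sample data (all hosts are placeholders).
const saved = "https://login.example.com/";
const subdomainPage = "https://user-content.example.com/page.html";
const embeddedFrame = {
  url: "https://widgets.example.net/form.html",
  topUrl: "https://login.example.com/",
};
const loginPage = { url: saved, topUrl: saved };

console.log("subdomain, base-domain:", uriMatches(saved, subdomainPage, "base-domain"));
console.log("subdomain, host:", uriMatches(saved, subdomainPage, "host"));
console.log("external iframe:", mayFillOnLoad(saved, embeddedFrame, "host"));
console.log("login page itself:", mayFillOnLoad(saved, loginPage, "host"));
```

Under base-domain matching the unrelated subdomain is treated as the saved site, while host matching plus the same-origin frame check rejects both the subdomain page and the external iframe.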