A brand new research has discovered that a number of cloud-based password managers, together with Bitwarden, Dashlane, and LastPass, are vulnerable to password restoration assaults beneath sure circumstances.
“The assaults vary in severity from integrity violations to the whole compromise of all vaults in a company,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson stated. “Nearly all of the assaults enable the restoration of passwords.”
It is price noting that the menace actor, per the research from ETH Zurich and Università della Svizzera italiana, supposes a malicious server and goals to look at the password supervisor’s zero-knowledge encryption (ZKE) guarantees made by the three options. ZKE is a cryptographic approach that enables one social gathering to show data of a secret to a different social gathering with out truly revealing the key itself.
ZKE can also be a bit of completely different from end-to-end encryption (E2EE). Whereas E2EE refers to a technique of securing knowledge in transit, ZKE is principally about storing knowledge in an encrypted format such that solely the particular person with the important thing can entry that info. Password supervisor distributors are identified to implement ZKE to “improve” person privateness and safety by making certain that the vault knowledge can’t be tampered with.
Nevertheless, the most recent analysis has uncovered 12 distinct assaults in opposition to Bitwarden, seven in opposition to LastPass, and 6 in opposition to Dashlane, starting from integrity violations of focused person vaults to a complete compromise of all of the vaults related to a company. Collectively, these password administration options serve over 60 million customers and almost 125,000 companies.
“Regardless of distributors’ makes an attempt to realize safety on this setting, we uncover a number of frequent design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities,” the researchers stated in an accompanying paper.
The assaults fall beneath 4 broad classes –
- Assaults that exploit the “Key Escrow” account restoration mechanism to compromise the confidentiality ensures of Bitwarden and LastPass, ensuing from vulnerabilities of their key escrow designs.
- Assaults that exploit flawed item-level encryption — i.e., encrypting knowledge objects and delicate person settings as separate objects and sometimes mix with unencrypted or unauthenticated metadata, to end in integrity violations, metadata leakage, area swapping, and key derivation operate (KDF) downgrade.
- Assaults that exploit sharing options to compromise vault integrity and confidentiality.
- Assaults that exploit backwards compatibility with legacy code that end in downgrade assaults in Bitwarden and Dashlane.
The research additionally discovered that 1Password, one other fashionable password supervisor, is susceptible to each item-level vault encryption and sharing assaults. Nevertheless, 1Password has opted to deal with them as arising from already identified architectural limitations.
 |
| Abstract of assaults (BW stands for Bitwarden, LP for LastPass, and DL for Dashlane) |
When reached for remark, Jacob DePriest, Chief Info Safety Officer and Chief Info Officer at 1Password, advised The Hacker Information that the corporate’s safety reviewed the paper intimately and located no new assault vectors past these already documented in its publicly out there Safety Design White Paper.
“We’re dedicated to repeatedly strengthening our safety structure and evaluating it in opposition to superior menace fashions, together with malicious-server situations like these described within the analysis, and evolving it over time to take care of the protections our customers depend on,” DePriest added.
“For instance, 1Password makes use of Safe Distant Password (SRP) to authenticate customers with out transmitting encryption keys to our servers, serving to mitigate whole courses of server-side assaults. Extra lately, we launched a new functionality for enterprise-managed credentials, which from the beginning are created and secured to face up to subtle threats.”
As for the remaining, Bitwarden, Dashlane, and LastPass have all carried out countermeasures to mitigate the dangers highlighted within the analysis, with LastPass additionally planning to harden its admin password reset and sharing workflows to counter the menace posed by a malicious middleman. There isn’t any proof that any of those points has been exploited within the wild.
Particularly, Dashlane has patched a difficulty the place a profitable compromise of its servers may have allowed a downgrade of the encryption mannequin used to generate encryption keys and shield person vaults. The difficulty was mounted by eradicating help for legacy cryptography strategies with Dashlane Extension model 6.2544.1 launched in November 2025.
“This downgrade may end result within the compromise of a weak or simply guessable Grasp Password, and the compromise of particular person ‘downgraded’ vault objects,” Dashlane stated. “This subject was the results of the allowed use of legacy cryptography. This legacy cryptography was supported by Dashlane in sure instances for backwards compatibility and migration flexibility.”
Bitwarden stated all recognized points are being addressed. “Seven of which have been resolved or are in energetic remediation by the Bitwarden staff,” it stated. “The remaining three points have been accepted as intentional design selections vital for product performance.”
In an identical advisory, LastPass stated it is “actively working so as to add stronger integrity ensures to higher cryptographically bind objects, fields, and metadata, thereby serving to to take care of integrity assurance.”
