Bitwarden Heist - How to Break into Password Vaults without Using Passwords
blog.redteam-pentesting.de
Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …
  • Gigan@lemmy.worldEnglish
    81·
    8 months ago

    That’s scary, I use Bitwarden. But it sounds like for this to work the attacker needs to have already compromised the organization’s domain controller and the user needs to have enabled biometrics, which I never do.