New research has found that several cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are vulnerable to password recovery attacks under certain conditions.
“The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said. “The majority of the attacks allow the recovery of passwords.”
It is worth noting that the threat model, per the research from ETH Zurich and Università della Svizzera italiana, assumes a malicious server, and the goal is to examine the zero-knowledge encryption (ZKE) guarantees made by the three solutions. ZKE is a cryptographic technique that allows one party to prove knowledge of a secret to another party without actually revealing the secret itself.
ZKE is also somewhat different from end-to-end encryption (E2EE). Whereas E2EE refers to a method of securing data in transit, ZKE is mainly about storing data in an encrypted form such that only the person holding the key can access that information. Password manager vendors are known to implement ZKE to “enhance” user privacy and security by ensuring that vault data cannot be tampered with.
However, the latest analysis has uncovered 12 distinct attacks against Bitwarden, seven against LastPass, and six against Dashlane, ranging from integrity violations of targeted user vaults to a complete compromise of all the vaults associated with an organization. Collectively, these password management solutions serve over 60 million users and nearly 125,000 businesses.
“Despite vendors’ attempts to achieve security in this setting, we uncover several common design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities,” the researchers said in an accompanying paper.
The attacks fall into four broad categories:
- Attacks that exploit the “Key Escrow” account recovery mechanism to compromise the confidentiality guarantees of Bitwarden and LastPass, resulting from vulnerabilities in their key escrow designs.
- Attacks that exploit flawed item-level encryption, i.e., encrypting data items and sensitive user settings as separate objects, often combined with unencrypted or unauthenticated metadata, resulting in integrity violations, metadata leakage, field swapping, and key derivation function (KDF) downgrade.
- Attacks that exploit sharing features to compromise vault integrity and confidentiality.
- Attacks that exploit backwards compatibility with legacy code, resulting in downgrade attacks against Bitwarden and Dashlane.
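The item-level encryption anti-pattern in the second category comes down to ciphertexts that are not bound to the context they live in: a server holding the vault can move a ciphertext to another field or alter the metadata around it without the client noticing. The following added example (not code from any of the vendors or from the paper) illustrates the standard mitigation: each field is encrypted with an AEAD whose associated data carries the item ID, the field name and the KDF parameters the client was told to use, so a moved field or altered metadata fails authentication. The `FieldCtx` layout and the `v1|` encoding are assumptions made for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// FieldCtx is everything a vault field is bound to: its item, its field name and
// the KDF parameters the server advertises. It becomes the AEAD associated data.
type FieldCtx struct {
	ItemID, Field string
	KDFIterations uint32
}
func (c FieldCtx) aad() []byte {
	return []byte(fmt.Sprintf("v1|%s|%s|%d", c.ItemID, c.Field, c.KDFIterations))
}
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// SealField encrypts one field with AES-GCM, random nonce prepended, ctx as AAD.
func SealField(key []byte, ctx FieldCtx, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, ctx.aad()), nil
}

// OpenField rejects a ciphertext whose item, field name or advertised KDF
// parameters differ from encryption time, so a swapped field or a lowered
// iteration count fails authentication instead of being silently accepted.
func OpenField(key []byte, ctx FieldCtx, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, ctx.aad())
}
```

Binding the metadata this way does not by itself stop a server from serving weak KDF parameters before any key exists; it ensures the client detects that previously stored items no longer match what the server now claims.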
The research also found that 1Password, another popular password manager, is vulnerable to both item-level vault encryption and sharing attacks. However, 1Password has opted to treat them as arising from already known architectural limitations.
[Figure: Summary of attacks (BW stands for Bitwarden, LP for LastPass, and DL for Dashlane)]
When reached for comment, Jacob DePriest, Chief Information Security Officer and Chief Information Officer at 1Password, told The Hacker News that the company's security team reviewed the paper in detail and found no new attack vectors beyond those already documented in its publicly available Security Design White Paper.
“We are committed to continually strengthening our security architecture and evaluating it against advanced threat models, including malicious-server scenarios like those described in the research, and evolving it over time to maintain the protections our users rely on,” DePriest added.
“For example, 1Password uses Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server-side attacks. More recently, we introduced a new capability for enterprise-managed credentials, which from the start are created and secured to withstand sophisticated threats.”
As for the rest, Bitwarden, Dashlane, and LastPass have all implemented countermeasures to mitigate the risks highlighted in the research, with LastPass also planning to harden its admin password reset and sharing workflows to counter the threat posed by a malicious intermediary. There is no evidence that any of these issues has been exploited in the wild.
Specifically, Dashlane has patched an issue where a successful compromise of its servers could have allowed a downgrade of the encryption model used to generate encryption keys and protect user vaults. The issue was fixed by removing support for legacy cryptography methods in Dashlane Extension version 6.2544.1, released in November 2025.
“This downgrade could result in the compromise of a weak or easily guessable Master Password, and the compromise of individual ‘downgraded’ vault items,” Dashlane said. “This issue was the result of the allowed use of legacy cryptography. This legacy cryptography was supported by Dashlane in certain cases for backwards compatibility and migration flexibility.”
Bitwarden said all identified issues are being addressed. “Seven of which have been resolved or are in active remediation by the Bitwarden team,” it said. “The remaining three issues have been accepted as intentional design decisions necessary for product functionality.”
In a similar advisory, LastPass said it is “actively working to add stronger integrity guarantees to better cryptographically bind items, fields, and metadata, thereby helping to maintain integrity assurance.”