Password managers don’t protect secrets if pwned
www.theregister.com
: Researchers demo weaknesses affecting some of the most popular options

cross-posted from: https://infosec.pub/post/42164102

Researchers demo weaknesses affecting some of the most popular options Academics say they found a series of flaws affecting three popular password managers, all of which claim to protect user credentials in the event that their servers are compromised.…

    • floofloof@lemmy.caOPEnglish
      651·
      21 hours ago

      Well the specific point here is that these companies claim that a server hack won’t reveal your passwords since they’re encrypted and decrypted on your local device so the server only sees the encrypted version. Apparently this isn’t completely true.

      • Auli@lemmy.caEnglish
        2·
        6 hours ago

        Well if you decrypt the blob on the server they can see it.

      • philpo@feddit.orgEnglish
        12·
        11 hours ago

        At the point someone pulls off a valid MIM attack - which is basically a requirement here unless the whole BW/Vaultwarden server gets compromised- that is the least of someones problems. MIMs are incredibily hard these days.

      • underisk@lemmy.mlEnglish
        23·
        16 hours ago

        BW06: Icon URL Item Decryption. Items can include a URL field, which is used to autofill the credentials and display an icon on the client. The client decrypts the URL and fetches the icon from the server, including in its request the domain and top-level domain of the URL. For instance, if the URL is “https://host.tld/path”, the client request includes “host.tld”. This means that the adversary can learn (part of) the con- tents of URL fields. Using Attack BW05, an adversary can place the ciphertext of sensitive item fields, such as a user- name or a password, in the encrypted URL field. After fetch- ing the item, the client will then decrypt the ciphertext, confus- ing it for a URL. If the plaintext satisfies some conditions (i.e. containing a ‘.’ and no !), it will be leaked to the adversary. A URL checksum feature was deployed in July 2024, mak- ing the clients store a hash of the URL in another encrypted item field, therefore providing a rudimentary integrity check and preventing this attack. Note that old items are never up- dated to add such a checksum: this feature only protects items created after its introduction. Furthermore, URL checksums are only checked if a per-item key is present for the item. As we will see, an adversary can prevent per-item keys from being enabled with Attack BW10.

        IMPACT. The adversary can recover selected target ciphertexts in the item, such as the username or the password.

        REQUIREMENTS. The user opens a vault containing items that do not use per-item keys (i.e., items created before July 2024, or after Attack BW10 is run). The target plaintext must satisfy some additional conditions, detailed in Appendix

        from the paper the article is discussing

        So you could potentially expose your passwords to a compromised server or some kind of MITM. If they meet the conditions for the validation check, anyway.

        • unhrpetby@sh.itjust.works
          English
          1·
          13 hours ago

          My comment was to answer the question of: “Why is this relevant?” (Its been asked a lot). It’s relevant because Bitwarden is claiming that they “cannot see your passwords”.

          • Auli@lemmy.caEnglish
            1·
            6 hours ago

            Well if they store an encrypted blob they can’t see them.

          • underisk@lemmy.mlEnglish
            5·
            12 hours ago

            I didn’t think you were making the post to defend Bitwarden or something. I was just adding the details of one of the exploits the paper found that directly contradicted their claim.

    • tal@lemmy.todayEnglish
      421·
      21 hours ago

      Yeah, the title there really doesn’t reflect the article text. It should be “you probably can’t trust your password manager if the remote servers it uses are compromised”.

      • hummingbird@lemmy.worldEnglish
        2·
        12 hours ago

        That would be an understatement since all services claim your data is safe even in that case which is not true.