A brand new research has discovered that a number of cloud-based password managers, together with Bitwarden, Dashlane, and LastPass, are vulnerable to password restoration assaults beneath sure situations.
“The assaults vary in severity from integrity violations to the whole compromise of all vaults in a company,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson mentioned. “Nearly all of the assaults enable the restoration of passwords.”
It is value noting that the menace actor, per the research from ETH Zurich and Università della Svizzera italiana, supposes a malicious server and goals to look at the password supervisor’s zero-knowledge encryption (ZKE) guarantees made by the three options. ZKE is a cryptographic method that permits one celebration to show data of a secret to a different celebration with out really revealing the key itself.
ZKE can also be a bit of completely different from end-to-end encryption (E2EE). Whereas E2EE refers to a way of securing knowledge in transit, ZKE is especially about storing knowledge in an encrypted format such that solely the particular person with the important thing can entry that info. Password supervisor distributors are recognized to implement ZKE to “improve” person privateness and security by making certain that the vault knowledge can’t be tampered with.
Nevertheless, the newest analysis has uncovered 12 distinct assaults towards Bitwarden, seven towards LastPass, and 6 towards Dashlane, starting from integrity violations of focused person vaults to a complete compromise of all of the vaults related to a company. Collectively, these password administration options serve over 60 million customers and almost 125,000 companies.
“Regardless of distributors’ makes an attempt to realize security on this setting, we uncover a number of widespread design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities,” the researchers mentioned in an accompanying paper.
The assaults fall beneath 4 broad classes –
- Attacks that exploit the “Key Escrow” account restoration mechanism to compromise the confidentiality ensures of Bitwarden and LastPass, ensuing from vulnerabilities of their key escrow designs.
- Attacks that exploit flawed item-level encryption — i.e., encrypting knowledge objects and delicate person settings as separate objects and infrequently mix with unencrypted or unauthenticated metadata, to end in integrity violations, metadata leakage, area swapping, and key derivation operate (KDF) downgrade.
- Attacks that exploit sharing options to compromise vault integrity and confidentiality.
- Attacks that exploit backwards compatibility with legacy code that end in downgrade assaults in Bitwarden and Dashlane.
The research additionally discovered that 1Password, one other common password supervisor, is weak to each item-level vault encryption and sharing assaults. Nevertheless, 1Password has opted to deal with them as arising from already recognized architectural limitations.
 |
| Abstract of assaults (BW stands for Bitwarden, LP for LastPass, and DL for Dashlane) |
When reached for remark, Jacob DePriest, Chief Data Safety Officer and Chief Data Officer at 1Password, informed The Hacker Information that the corporate’s security reviewed the paper intimately and located no new assault vectors past these already documented in its publicly obtainable Safety Design White Paper.
“We’re dedicated to repeatedly strengthening our security structure and evaluating it towards superior menace fashions, together with malicious-server eventualities like these described within the analysis, and evolving it over time to take care of the protections our customers depend on,” DePriest added.
“For instance, 1Password makes use of Safe Distant Password (SRP) to authenticate customers with out transmitting encryption keys to our servers, serving to mitigate whole courses of server-side assaults. Extra lately, we launched a brand new functionality for enterprise-managed credentials, which from the beginning are created and secured to face up to subtle threats.”
As for the remaining, Bitwarden, Dashlane, and LastPass have all applied countermeasures to mitigate the dangers highlighted within the analysis, with LastPass additionally planning to harden its admin password reset and sharing workflows to counter the menace posed by a malicious middleman. There isn’t a proof that any of those points has been exploited within the wild.
Particularly, Dashlane has patched a problem the place a profitable compromise of its servers may have allowed a downgrade of the encryption mannequin used to generate encryption keys and shield person vaults. The problem was fastened by eradicating help for legacy cryptography strategies with Dashlane Extension model 6.2544.1 launched in November 2025.
“This downgrade may outcome within the compromise of a weak or simply guessable Grasp Password, and the compromise of particular person ‘downgraded’ vault objects,” Dashlane mentioned. “This challenge was the results of the allowed use of legacy cryptography. This legacy cryptography was supported by Dashlane in sure instances for backwards compatibility and migration flexibility.”
Bitwarden mentioned all recognized points are being addressed. “Seven of which have been resolved or are in lively remediation by the Bitwarden workforce,” it mentioned. “The remaining three points have been accepted as intentional design selections vital for product performance.”
In an analogous advisory, LastPass mentioned it is “actively working so as to add stronger integrity ensures to higher cryptographically bind objects, fields, and metadata, thereby serving to to take care of integrity assurance.”
