

Bitwarden is a popular password management solution that is available for all major desktop and mobile platforms, as well as on the web directly. Like many competing products, Bitwarden supports convenience features to make the life of its users easier. One of these features is the ability to auto-fill login information on websites to sign the user in automatically. The functionality is not enabled by default, but users may enable it in the application's settings.

Flashpoint security researchers discovered an issue with auto-fill that could be exploited to steal login information passively. To Bitwarden's credit, it displays a warning next to the setting that the feature could potentially be exploited by compromised or untrusted websites. All a user would have to do is visit specifically prepared websites and have auto-fill enabled. Bitwarden's auto-fill solution works on iframes, which are embedded webpages, and also on subdomains. Flashpoint noted that attackers could exploit this to forward login information to remote servers.

Security Tip: find out how to back up your Bitwarden password database.

Bitwarden's fix

Bitwarden created a fix for the issue that is documented on the company's official GitHub website. Bitwarden engineers addressed the issue by changing how autofill on page load works. It will still fill out login data automatically, but only on trusted domains. When users fill out data manually, they do get a warning prompt if the iframe is untrusted.

In other words, Bitwarden's auto-fill functionality has the following characteristics now: Auto-fill on page load is disabled, just like before. When a user enables the feature, Bitwarden will use the feature only for trusted domains and URLs that the user added specifically to the application. Trusted domains include domains that match the URL the user visited in the browser. Bitwarden users who use manual auto-fill get a warning if they try to fill in an untrusted iframe.
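
The trust rules this article describes for the fixed behaviour can be written as a small decision function. The sketch below is an added example, not Bitwarden's code: every function and parameter name is hypothetical, and it assumes "match" means an exact hostname comparison between the frame, the page open in the tab, and the URIs the user saved.

```javascript
// Added illustration of the policy described in the article; not Bitwarden's code.
// All names are hypothetical.

// Hostname of an http(s) URL, or null for anything else
// (unparsable strings, about:blank, data: or javascript: frames).
function hostOf(url) {
  try {
    const u = new URL(url);
    return u.protocol === "https:" || u.protocol === "http:" ? u.hostname : null;
  } catch {
    return null;
  }
}

// A frame is trusted when its host equals the host of the page the user
// visited, or the host of a URI the user saved with the login.
// Assumption: exact host comparison, so a subdomain is not trusted implicitly.
function isTrustedFrame(frameUrl, tabUrl, savedUris) {
  const frameHost = hostOf(frameUrl);
  if (frameHost === null) return false;
  const trusted = new Set(
    [tabUrl, ...savedUris].map(hostOf).filter((h) => h !== null)
  );
  return trusted.has(frameHost);
}

// trigger is "page-load" or "manual".
// Returns "fill", "warn" (prompt the user before filling) or "skip".
function autofillDecision({ trigger, pageLoadEnabled, frameUrl, tabUrl, savedUris }) {
  const trusted = isTrustedFrame(frameUrl, tabUrl, savedUris);
  if (trigger === "page-load") {
    // Off by default; when enabled, only trusted frames are filled.
    return pageLoadEnabled && trusted ? "fill" : "skip";
  }
  if (trigger === "manual") {
    // Manual fill into an untrusted iframe produces a warning prompt.
    return trusted ? "fill" : "warn";
  }
  return "skip";
}
```
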
