ASK_ME_ABOUT_LOOM@sh.itjust.works to Bitwarden - The unofficial Bitwarden communityEnglish · 1 year ago

Bitwarden Windows Client vulnerability prior to 2023.4.0: CVE-2023-27706

1

10

Bitwarden Windows Client vulnerability prior to 2023.4.0: CVE-2023-27706

ASK_ME_ABOUT_LOOM@sh.itjust.works to Bitwarden - The unofficial Bitwarden communityEnglish · 1 year ago

1

https://nvd.nist.gov/vuln/detail/CVE-2023-27706

Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault if you are using Windows Hello and are not on the latest version. The Bitwarden Windows client before version 2023.4.0 is affected.

Details here: https://hackerone.com/reports/1874155

(shamelessly stolen from reddit)

You must log in or # to comment.

Chat

blackfire
link
fedilink
English
arrow-up
1·
1 year ago
Only possible if you enable bio auth but the more worrying is the token isn’t destroyed even after the application is closed. Eek

Bitwarden - The unofficial Bitwarden community

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !bitwarden@lemmy.ml

Please do note that this an unofficial community.

Bitwarden - Open source password manager

Bitwarden is an open source password management platform for individuals, teams, and business organizations.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

1 user / day
1 user / week
38 users / month
118 users / 6 months
279 local subscribers
928 subscribers
66 Posts
59 Comments
Modlog

mods:
the_tech_beast