Bitwarden adds a new auto-fill option right inside form fields (bitwarden.com)

submitted 6 months ago by Renn@sh.itjust.works to c/bitwarden@discuss.tchncs.de

24 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] cron@feddit.de 3 points 6 months ago* (last edited 6 months ago)

There might be a vulnerability if the attacker controls one part of a website and can embed a form there. Then the password safe might enter and send the data to the attacker.

I don't think that this is a very likely attack, but at least in theory this could work.

Edit: Bitwarden protects against such attacks:

The auto-fill menu will only fill credentials when a user selects a form field they want to interact with. This protects users from potentially malicious form fields or web pages and ensures sensitive information will never be populated without user knowledge.

[-] 4am@lemm.ee 7 points 6 months ago

If an attacker can control the content delivered from a valid domain’s web server, nothing at all is going to protect you.

this post was submitted on 21 Feb 2024

75 points (96.3% liked)

Bitwarden

733 readers

3 users here now

Discuss the Paswordmanager Bitwarden.

founded 1 year ago

MODERATORS

wuffa@discuss.tchncs.de