![]() However, our advice is always to periodically update the access codes. You can always check if a password has been stolen and take action as soon as possible. Our advice is that if you have used this password manager and they have used this autocomplete feature, check your passwords well and change them to avoid problems. Compromised websites can abuse this feature. This allows an attacker hosting a Phishing website under a subdomain that matches a stored login to capture the credentials when the victim visits that site.įrom Bitwarden they have indicated that the autocomplete function is a potential risk and that they warn of it. While investigating, they found that Bitwarden will also autofill credentials on subdomains of the base domain that match a login. What it can do is wait for the victim to put their data in and forward it to a remote server controlled by the attackers.īut they detected a second problem. The problem is that from Flashpoint, while analyzing Bitwarden, they detected that the extension also autofill forms defined in embedded iframes, something that can also happen in external domains. It is something that Google’s key manager also has, for example. Basically what it does is remember them and saves us time when we have to enter again. The bitwarden extension stores them so you don’t have to put them back next time. ![]() This is not a current novelty, but the fact that a group of security researchers from flash point has indicated that legitimate web pages using iframes still exist and can be exploited by hackers.īut what exactly is this function? When you enter a website, for example a page to buy a product, you enter your data and passwords. ![]() They have been able to exploit autocomplete and allow malicious iframes on trusted websites to steal user credentials. Specifically, hackers have been able to use iframes to steal passwords. If you have used Bitwarden to store your keys, be careful because they could have been stolen. 2 How to avoid problems A bug allows Bitwarden passwords to be stolen ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |