
New research has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks when the vendor's server is malicious or has been compromised.
"The severity of attacks ranges from integrity violations to complete compromise of all vaults within an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said. "The majority of attacks allow for password recovery."
The research comes from ETH Zurich and Università della Svizzera italiana. Its threat model assumes a malicious (or compromised) server, and the aim was to test the zero-knowledge encryption (ZKE) promise that all three products make. Despite the name, ZKE in this context has nothing to do with zero-knowledge proofs: it is the vendor claim that vault data is encrypted on the client, so the server never holds the keys or the plaintext.
ZKE is closely related to end-to-end encryption (E2EE): in both, data is encrypted on the client, the server only ever stores ciphertext, and only a party holding the key can read it. Password manager vendors advertise ZKE as a confidentiality guarantee for vault data, but confidentiality alone does not stop a malicious server from tampering with, rearranging, or downgrading what it stores, and that gap is what the research targets.
In total, the investigation documented 12 attacks against Bitwarden, seven against LastPass, and six against Dashlane, ranging from integrity violations against a targeted user's vault to complete compromise of every vault belonging to an organization. Collectively, these three products serve more than 60 million users and approximately 125,000 businesses.
“Despite vendors’ attempts to achieve security in this configuration, we discovered several common design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities,” the researchers wrote in an accompanying paper.
Attacks fall into four broad categories:
- Attacks on the "key escrow" account recovery mechanism in Bitwarden and LastPass, where flaws in the escrow design let the server violate the confidentiality guarantees.
- Attacks on flawed field-level encryption, in which data items and sensitive user settings are encrypted as separate objects, often alongside unencrypted or unauthenticated metadata; this leads to integrity violations, metadata leaks, field swaps, and key derivation function (KDF) downgrades.
- Attacks on sharing features that compromise the integrity and confidentiality of vaults.
- Downgrade attacks against Bitwarden and Dashlane that exploit backward compatibility with legacy code.
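The second category, and the KDF downgrade it mentions, are easier to see in code. The following is an added example written for this page, not code from the paper or from any of the vendors: it models a vault item whose fields are encrypted as separate objects, shows a malicious server swapping two ciphertexts without needing a key, and contrasts it with a layout that authenticates the item id and field name as associated data. The cipher is a deliberately simple encrypt-then-MAC built from the Python standard library (a SHA-256 counter-mode keystream plus an HMAC-SHA256 tag), and the item layout, field names, salt, and the client-side KDF iteration floor are all hypothetical.

```python
# Added toy model of field-level vault encryption facing a malicious server.
# Not code from the paper or any vendor: the cipher is a deliberately simple
# encrypt-then-MAC (SHA-256 counter-mode keystream + HMAC-SHA256 tag) built
# from the standard library; item layout, field names and the KDF floor are
# hypothetical.
import hashlib
import hmac
import json
import os

MIN_PBKDF2_ITERATIONS = 600_000  # client-side floor, assumed value

def accept_kdf_config(server_params: dict) -> int:
    """KDF parameters arrive from the server at login. A client that trusts
    them blindly can be told to use a trivial iteration count, making the
    master password cheap to brute-force from anything derived with it.
    A local floor refuses that downgrade."""
    if server_params.get("kdf") != "pbkdf2-sha256":
        raise ValueError("unsupported KDF")
    iterations = int(server_params.get("iterations", 0))
    if iterations < MIN_PBKDF2_ITERATIONS:
        raise ValueError(f"KDF downgrade refused: {iterations} iterations")
    return iterations

def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, 32)

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]

def encrypt(key: bytes, plaintext: bytes, associated_data: bytes = b"") -> dict:
    """Encrypt-then-MAC; the tag also covers associated_data, so the blob
    only verifies in the context it was produced for."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, associated_data + nonce + ct, "sha256").digest()
    return {"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()}

def decrypt(key: bytes, blob: dict, associated_data: bytes = b"") -> bytes:
    nonce, ct, tag = (bytes.fromhex(blob[k]) for k in ("nonce", "ct", "tag"))
    expected = hmac.new(key, associated_data + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

# Anti-pattern: every field is an independent ciphertext and nothing binds it
# to its item or field name, so the server can move blobs around at will.
def encrypt_item_weak(key: bytes, item_id: str, fields: dict) -> dict:
    return {"id": item_id, "fields": {n: encrypt(key, v.encode()) for n, v in fields.items()}}

def decrypt_item_weak(key: bytes, item: dict) -> dict:
    return {n: decrypt(key, blob).decode() for n, blob in item["fields"].items()}

# Fix: authenticate the item id and field name as associated data.
def _context(item_id: str, field_name: str) -> bytes:
    return f"{item_id}/{field_name}".encode()

def encrypt_item_bound(key: bytes, item_id: str, fields: dict) -> dict:
    return {"id": item_id, "fields": {n: encrypt(key, v.encode(), _context(item_id, n))
                                      for n, v in fields.items()}}

def decrypt_item_bound(key: bytes, item: dict) -> dict:
    return {n: decrypt(key, blob, _context(item["id"], n)).decode()
            for n, blob in item["fields"].items()}

def server_swaps_fields(item: dict, a: str, b: str) -> dict:
    """Needs no key: the server simply exchanges two stored blobs."""
    tampered = json.loads(json.dumps(item))
    tampered["fields"][a], tampered["fields"][b] = item["fields"][b], item["fields"][a]
    return tampered

def is_rejected(action) -> bool:
    """True if the client refuses the action with an integrity or policy error."""
    try:
        action()
        return False
    except ValueError:
        return True

def demo() -> tuple:
    """Returns (weak-layout plaintext after swap, bound swap rejected?, downgrade rejected?)."""
    key = derive_key("correct horse battery staple", b"constructed-salt",
                     accept_kdf_config({"kdf": "pbkdf2-sha256", "iterations": 600_000}))
    fields = {"url": "https://bank.example", "username": "alice", "password": "hunter2"}
    # Weak layout: the swap decrypts cleanly and the password now sits in the
    # username field, where the client would display or autofill it.
    weak = decrypt_item_weak(key, server_swaps_fields(
        encrypt_item_weak(key, "item-1", fields), "username", "password"))
    bound_rejected = is_rejected(lambda: decrypt_item_bound(key, server_swaps_fields(
        encrypt_item_bound(key, "item-1", fields), "username", "password")))
    downgrade_rejected = is_rejected(
        lambda: accept_kdf_config({"kdf": "pbkdf2-sha256", "iterations": 1000}))
    return weak, bound_rejected, downgrade_rejected
```

The point of the bound layout is that the server cannot produce a ciphertext that verifies under a context it was not created for, because the tag commits to the item id and field name; a real implementation would use an AEAD such as AES-GCM or XChaCha20-Poly1305 with the same associated data, and would pin the KDF parameters it was enrolled with rather than accepting whatever the server sends on each login.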
The study also found that 1Password, another popular password manager, is affected by the item-level vault encryption and sharing classes of attack, but 1Password has chosen to treat these as known architectural limitations rather than vulnerabilities.
Attack summary table (BW: Bitwarden, LP: LastPass, DL: Dashlane)
When asked for comment, Jacob DePriest, chief information security officer and chief information officer at 1Password, told The Hacker News that the company’s security department had reviewed the paper in detail and found no new attack vectors beyond those already described in the public security design whitepaper.
“We are committed to continually hardening our security architecture, evaluating it against advanced threat models, including malicious server scenarios like those described in our research, and evolving it over time to maintain the protection our users rely on,” DePriest added.
"1Password, for example, uses Secure Remote Password (SRP) to authenticate users without sending encryption keys to the server, mitigating an entire class of server-side attacks. More recently, we introduced new capabilities for enterprise-managed credentials, which are built and protected from the beginning to withstand advanced threats."
For their part, Bitwarden, Dashlane, and LastPass have all implemented measures to mitigate the risks uncovered in the research, and LastPass also plans to harden its admin password reset and sharing workflows against a malicious server. There is no evidence that any of these issues has been exploited in the wild.
Specifically, Dashlane has patched an issue that could allow an attacker who had compromised the server to downgrade the encryption scheme used to derive keys and protect user vaults. The fix shipped in Dashlane Extension version 6.2544.1, released in November 2025, and removes support for the legacy encryption methods.
“This downgrade could compromise a weak or easily guessed master password, potentially compromising individual ‘downgraded’ vault items,” Dashlane said. “The issue was due to the allowed use of legacy encryption, which was supported by Dashlane in certain cases to ensure backward compatibility and migration flexibility.”
Bitwarden said it has addressed all identified issues. "Seven of these have been resolved or are actively being remediated by the Bitwarden team," the company said. "The remaining three issues were accepted as intentional design decisions necessary for the functionality of the product."
LastPass said in a similar advisory that it is “actively working on adding stronger integrity guarantees to better cryptographically bind items, fields, and metadata, thereby contributing to maintaining integrity guarantees.”
