11/7/2023

Bitwarden chromebook

In response to the report, Bitwarden has said it’s planning an update that will block autofill on subdomains. It’s worth noting that autofill on page load is disabled in Bitwarden by default, and the tool does warn users about the possible risks when they turn the feature on.

In order to keep working on websites that use iframes, Bitwarden has to leave this window of opportunity open for possible phishing and password theft. Still, both flaws have a pretty small chance of occurring, which is why Bitwarden hasn’t fixed the issue despite being aware of it.

This problem won’t crop up on legitimate, large websites, but free hosting services allow for such domains to be made. “As an example, should a company have a login page at and allow users to serve content under these users are able to steal credentials from the Bitwarden extensions,” Flashpoint explained. “Some content hosting providers allow hosting arbitrary content under a subdomain of their official domain, which also serves their login page.”

This means that if you stumble upon a phishing page, with a subdomain that matches the base domain you’ve saved your password for, Bitwarden might automatically provide it to the hacker. Bitwarden’s autofill on page load also works on subdomains of the domain you’re trying to access, as long as the login matches. There’s another way hackers could steal your passwords, though.

In its report, Flashpoint said: “While the embedded iframe does not have access to any content in the parent page, it can wait for input to the login form and forward the entered credentials to a remote server without further user interaction.”
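The two autofill decisions described above (base-domain matching versus exact-host matching, and filling forms inside iframes), as an added example that is not Bitwarden's code or part of the original post. The function names, policy fields and `company.example` hosts are hypothetical, and the base domain is approximated as the last two host labels.

```javascript
// Added example: hypothetical autofill gate, not Bitwarden's implementation.
// Assumption: the base domain is the last two host labels. Production code
// must use the Public Suffix List instead (e.g. for "example.co.uk").
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// savedUri: URI stored with the login. frameUrl: document holding the form.
// topUrl: top-level page shown in the address bar.
// policy.match: "base" (any subdomain of the saved domain) or "host" (exact).
// policy.allowCrossOriginFrames: may a form in a foreign iframe be filled?
function shouldAutofill(savedUri, frameUrl, topUrl, policy) {
  const saved = new URL(savedUri);
  const frame = new URL(frameUrl);
  const top = new URL(topUrl);

  if (frame.protocol !== "https:") return false;

  const hostMatches =
    policy.match === "host"
      ? frame.host === saved.host
      : baseDomain(frame.hostname) === baseDomain(saved.hostname);
  if (!hostMatches) return false;

  // A form in an iframe whose origin differs from the top-level page is
  // only filled when the policy explicitly allows it.
  if (frame.origin !== top.origin && !policy.allowCrossOriginFrames) return false;
  return true;
}

// Constructed sample values (company.example is a placeholder domain).
const saved = "https://logins.company.example/";
const userPage = "https://client1.company.example/page";
const loose = { match: "base", allowCrossOriginFrames: true };
const strict = { match: "host", allowCrossOriginFrames: false };

function demo() {
  return {
    looseOnUserSubdomain: shouldAutofill(saved, userPage, userPage, loose),
    strictOnUserSubdomain: shouldAutofill(saved, userPage, userPage, strict),
    looseFramedLogin: shouldAutofill(saved, saved + "login", "https://other.example/", loose),
    strictFramedLogin: shouldAutofill(saved, saved + "login", "https://other.example/", strict),
    strictRealLogin: shouldAutofill(saved, saved + "login", saved + "login", strict),
  };
}
console.log(demo());
```

The loose policy fills on the user-controlled subdomain and in the framed login form; the strict policy fills only on the exact saved host when it is the top-level page.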