Bitwarden Windows Client vulnerability prior to 2023.4.0: CVE-2023-27706

ASK_ME_ABOUT_LOOM@sh.itjust.works to Bitwarden - The unofficial Bitwarden community@lemmy.mlEnglish · 1 year ago

https://nvd.nist.gov/vuln/detail/CVE-2023-27706

Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault if you are using Windows Hello and are not on the latest version. The Bitwarden Windows client before version 2023.4.0 is affected.

Details here: https://hackerone.com/reports/1874155

(shamelessly stolen from reddit)

You must log in or register to comment.

Chat

Bitwarden - The unofficial Bitwarden community@lemmy.ml

bitwarden@lemmy.ml

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !bitwarden@lemmy.ml

Please do note that this an unofficial community.

Bitwarden - Open source password manager

Bitwarden is an open source password management platform for individuals, teams, and business organizations.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

28 users / day
28 users / week
3 users / month
6 users / 6 months
1 local subscriber
840 subscribers
52 Posts
6 Comments
Modlog

mods:
the_tech_beast@lemmy.ml