Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
General Apps
Passwords and passkeys
Bitwarden Autofill Flaw can let Hackers Steal Passwords using iframes
Message
<blockquote data-quote="ForgottenSeer 98186" data-source="post: 1031197"><p>What amazes me is that people are not understanding at all. Autofill is only one aspect of it. If a Bitwarden user does not use Autofill, they are still completely susceptible to hidden malicious iFrames when they select the login inside the BItwarden extension and double-click on it to fill the username and password fields for them. When they use that method, Bitwarden also fills the fields in any hidden iFrames.</p><p></p><p>A user is only protected if they manually copy-pasta both the username and password from within Bitwarden. They should never use autofill whatsoever. Of course this is completely unpopular and unacceptable to a lot of users. Their view is that the primary purpose of a password manager is to fill the login for them. Nope. They are utterly wrong. That is just a convenience feature. Just proves how lazy and careless users are. So dependent upon convenience features that they will sacrifice their own security.</p></blockquote><p></p>
[QUOTE="ForgottenSeer 98186, post: 1031197"] What amazes me is that people are not understanding at all. Autofill is only one aspect of it. If a Bitwarden user does not use Autofill, they are still completely susceptible to hidden malicious iFrames when they select the login inside the BItwarden extension and double-click on it to fill the username and password fields for them. When they use that method, Bitwarden also fills the fields in any hidden iFrames. A user is only protected if they manually copy-pasta both the username and password from within Bitwarden. They should never use autofill whatsoever. Of course this is completely unpopular and unacceptable to a lot of users. Their view is that the primary purpose of a password manager is to fill the login for them. Nope. They are utterly wrong. That is just a convenience feature. Just proves how lazy and careless users are. So dependent upon convenience features that they will sacrifice their own security. [/QUOTE]
Insert quotes…
Verification
Post reply
Top