In May 2022, Bitwarden asked the cybersecurity experts at Cure53 to perform penetration testing and "develop a detailed and encompassing security assessment across Bitwarden IPs, servers, and web applications".
Cure53 found no critical or important issues during the analysis of Bitwarden's network and infrastructure. The security researchers did find four issues; two of them received a low security threat rating, the other two an informational rating only. Cure53 concluded that Bitwarden "exhibits a strong security foundation with zero exploitable vulnerabilities found". Three of the four issues that the security researchers discovered during the audit have been addressed by now, the fourth is under investigation.
