- Jun 14, 2011
- 1,838
Security shortcomings mean that multiple password managers could be tricked into auto-filling credentials on untrusted pages, security researchers at Google warn.
The team from Google went public with their findings on Tuesday (17 January), 90 days after notifying the applications – Dashlane, Bitwarden, and the built-in password manager bundled with Apple’s Safari browser – of the vulnerabilities.
Both Dashlane and Bitwarden have updated their software although Dashlane, at least, remains unconvinced that the bug represents any kind of security threat. The status of any fix for Apple’s Safari built-in password manager remains unconfirmed at the time of writing. The Daily Swig has asked Apple to comment and we’ll update this story as and when more information comes to hand.
Popular password managers auto-filled credentials on untrusted websites
Dashlane, Bitwarden, and Safari all cited by Google researchers
portswigger.net