Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers
- Thread starter Andy Ful
- Start date
I use Rumpelstiltskin++ for everything, no one will ever guess that 
Found this site that lets you test for DOM clickjacking on password manager extensions. Pretty eye-opening stuff.
Check it out: DOM-based Extension Clickjacking
A bit wild that this is still an issue in 2026, but here we are.
Check it out: DOM-based Extension Clickjacking
A bit wild that this is still an issue in 2026, but here we are.
No, because it's a DOM-based injection. Also, many major password managers with extensions, including Bitwarden and KeePassXC, have fixed the problem since then.
You may also like...
-
Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers- Started by Parkinsond
- Replies: 24
-
How to Protect Your Windows NTLM Credentials from Zero Day Threats- Started by lokamoka820
- Replies: 1
-
Chinese Hackers Exploit Fortinet Zero-Day to Steal VPN Credentials- Started by enaph
- Replies: 0
-
-
Password Managers Auto-filled Credentials on Untrusted sites
- Started by enaph
- Replies: 73