Hot Take Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers

Shadowra · Sep 6, 2025

1Password has given it a low priority...

TuxTalk · Sep 6, 2025

Bitwarden fixed it already.

Sorrento · Sep 6, 2025

I use Rumpelstiltskin++ for everything, no one will ever guess that

acyclovir · 2026-02-05T04:38:50-0600

Found this site that lets you test for DOM clickjacking on password manager extensions. Pretty eye-opening stuff.

Check it out: DOM-based Extension Clickjacking

A bit wild that this is still an issue in 2026, but here we are.

Parkinsond · 2026-02-05T04:51:55-0600

acyclovir said:
Found this site that lets you test for DOM clickjacking on password manager extensions. Pretty eye-opening stuff.

Check it out: DOM-based Extension Clickjacking

A bit wild that this is still an issue in 2026, but here we are.

Does it work for Keepassxc without extension?

Wrecker4923 · 2026-02-05T05:27:39-0600

No, because it's a DOM-based injection. Also, many major password managers with extensions, including Bitwarden and KeePassXC, have fixed the problem since then.

Search

Search

Hot Take Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers

Shadowra

Level 40

TuxTalk

Level 20

Sorrento

Level 27

acyclovir

Level 1

Parkinsond

Level 54

Wrecker4923

Level 7

You may also like...