Security News Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Parkinsond

Parkinsond

Level 58
Thread author
Verified
Well-known
Dec 6, 2023
4,731
12,385
5,669
Content source
https://thehackernews.com/2026/02/study-uncovers-25-password-recovery.html
A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions.

"The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization," researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said. "The majority of the attacks allow the recovery of passwords."

Zero Knowledge (About) Encryption

zkae.io zkae.io

It's worth noting that the threat actor, per the study from ETH Zurich and Università della Svizzera italiana, supposes a malicious server and aims to examine the password manager's zero-knowledge encryption (ZKE) promises made by the three solutions. ZKE is a cryptographic technique that allows one party to prove knowledge of a secret to another party without actually revealing the secret itself.

ZKE is also a little different from end-to-end encryption (E2EE). While E2EE refers to a method of securing data in transit, ZKE is mainly about storing data in an encrypted format such that only the person with the key can access that information. Password manager vendors are known to implement ZKE to "enhance" user privacy and security by ensuring that the vault data cannot be tampered with.

However, the latest research has uncovered 12 distinct attacks against Bitwarden, seven against LastPass, and six against Dashlane, ranging from integrity violations of targeted user vaults to a total compromise of all the vaults associated with an organization. Collectively, these password management solutions serve over 60 million users and nearly 125,000 businesses.

thehackernews.com

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

Academic study finds 25 attack methods in major cloud password managers exposing vault, recovery, and encryption design risks.
thehackernews.com thehackernews.com
Click to expand...
 
  • Like
  • Wow
Reactions: Brownie2019, [correlate], Zero Knowledge and 6 others

"Under certain conditions" from the study:

Threat Model​

We analyse these password managers under a malicious server threat model, in which the server can arbitrarily deviate from expected behaviour. This model is justified by three arguments: the vendors' own security claims imply protection in this setting; the high sensitivity of vault data makes these servers attractive targets (as evidenced by a history of breaches); and in closely related areas such as E2E-encrypted cloud storage and messaging, security against a malicious server is already the norm.

The vendors' own claims set user expectations of security even against a compromised server:
Click to expand...
 
  • Like
  • +Reputation
Reactions: Brownie2019, [correlate], Parkinsond and 1 other person
Victor M said:
Hard to say. With today's stacked gpu power, I would say a month or so. Length of the key is an important factor. 16 chars a minimum.
Click to expand...
Use this website to estimate the expected breach time:

bitwarden.com

Password Tester | Test Your Password Strength | Bitwarden

Bitwarden offers the most trusted password tester tool to ensure your password strength will protect your online information. Completely free and easy to use.
bitwarden.com bitwarden.com
 
  • Like
Reactions: [correlate] and Jonny Quest
Victor M said:
The only take away I got from that article was to use long long keys. I didn't read thru it carefully. The old standard minimum of 8-9 chars is no longer enough.
Click to expand...
Different online password managers has different estimations of password strength; length is one parameter, others include complexity (mixing upper and lower case letters with numbers and symbols); also randomization (not being a dictionary word) is an important parameter.
 
  • Like
Reactions: [correlate]
From the article::

Takeaways​


Modern GPUs are capable of cracking user passwords at a tremendous speed. The simplest brute-force algorithm can crack any password up to eight characters long within less than a day. Smart hacking algorithms can quickly guess even long passwords. These use dictionaries, consider character substitution (“e” to “3”, “1” to “!” or “a” to “@”) and popular combinations (“qwerty”, “12345”, “asdfg”).


This study lets us draw the following conclusions about password strength:


  • Many user passwords are not strong enough: 59% can be guessed within one hour.
  • Using meaningful words, names and standard character combinations significantly reduces the time it takes to guess the password.
  • The least secure password is one that consists entirely of digits or words.

To protect your accounts from hacking:


  • Remember that the best password is a random, computer-generated one. Many password managers are capable of generating passwords.
  • Use mnemonic, rather than meaningful, phrases.
  • Check your password for resistance to hacking. You can do this with the help of Password Checker, Kaspersky Password Manager or the zxcvbn
  • Make sure your passwords are not contained in any leaked databases by going to haveibeenpwned. Use security solutions that alert users about password leaks.
  • Avoid using the same password for multiple websites. If your passwords are unique, cracking one of them would cause less damage.
-------------------------------------------------------
When I need a password, I use onlilne password generators. You can specify the length. Like this one: Password Generator - LastPass
 
  • Like
Reactions: [correlate]
Victor M said:
From the article::

Takeaways​


Modern GPUs are capable of cracking user passwords at a tremendous speed. The simplest brute-force algorithm can crack any password up to eight characters long within less than a day. Smart hacking algorithms can quickly guess even long passwords. These use dictionaries, consider character substitution (“e” to “3”, “1” to “!” or “a” to “@”) and popular combinations (“qwerty”, “12345”, “asdfg”).


This study lets us draw the following conclusions about password strength:


  • Many user passwords are not strong enough: 59% can be guessed within one hour.
  • Using meaningful words, names and standard character combinations significantly reduces the time it takes to guess the password.
  • The least secure password is one that consists entirely of digits or words.

To protect your accounts from hacking:


  • Remember that the best password is a random, computer-generated one. Many password managers are capable of generating passwords.
  • Use mnemonic, rather than meaningful, phrases.
  • Check your password for resistance to hacking. You can do this with the help of Password Checker, Kaspersky Password Manager or the zxcvbn
  • Make sure your passwords are not contained in any leaked databases by going to haveibeenpwned. Use security solutions that alert users about password leaks.
  • Avoid using the same password for multiple websites. If your passwords are unique, cracking one of them would cause less damage.
-------------------------------------------------------
When I need a password, I use onlilne password generators. You can specify the length. Like this one: Password Generator - LastPass
Click to expand...
The estimation of breach time by the website I have included its link for you takes into consideration such capabilities.
 
  • Like
Reactions: [correlate]
Jonny Quest said:
And from what I've seen, passphrases can be an option, if not better in some cases? Of about 4-5 random words with characters in-between, even at the beginning or the end of the phrases.
Click to expand...
Passphrase is the suitable option for the one who is ready to memorize the master password of password manager or the password of password-protected file.
For me, I prefer a complex password written on paper.
 
  • Like
  • Applause
Reactions: [correlate], Zero Knowledge and Jonny Quest
Parkinsond said:
The estimation of breach time by the website I have included its link for you takes into consideration such capabilities.
Click to expand...
Do remember that Bitwarden's estimator is based on zxcvbn methodology, assuming a slow cracking speed of 10k/sec, which usually means up-to-date KDF parameters for password managers. Typically, to use the estimator for non-password manager encryption, you need to pad the complexity of the password used "appropriately."

I personally assume the worst when the hashing function (MD5) or KDF is unknown and use a password with the equivalent of a randomly generated 14-15-16 character password that includes alphanumeric and special characters.

On the other hand, for your encrypted file, they need to grab hold of the file, and most likely, unless they manage to grab the password too, or if you are a substantial crypto investor or a state enemy, they probably are not going to bother beyond a perfunctory dictionary or most common password attack.
 
  • Like
  • +Reputation
Reactions: [correlate] and Parkinsond
lokamoka820 said:
Is Zero Knowledge mentioned in the article, our well-known @Zero Knowledge 🤔
Click to expand...
:cry: It actually wouldn't surprise me they stole the name from here :p. Stealing and plagiarism from online forums is very common place in the media, Reddit is prime example.

Maybe I can sue for royalties :unsure:?
 
  • HaHa
  • Like
Reactions: lokamoka820, [correlate], Jonny Quest and 1 other person

You may also like...