A recent study has raised concerns regarding the security of popular cloud-based password managers, with researchers identifying vulnerabilities that could allow for password recovery attacks. Bitwarden, Dashlane, and LastPass, which collectively serve millions of users and businesses, have been found to be susceptible under specific conditions, potentially compromising the integrity and confidentiality of user vaults.
The findings, detailed in a paper by ETH Zurich and Università della Svizzera italiana, focus on the zero-knowledge encryption (ZKE) promises made by these password manager vendors. ZKE is a cryptographic method designed to prove knowledge of a secret without revealing the secret itself, aiming to enhance user privacy by ensuring vault data remains inaccessible even to the service provider. However, the researchers claim to have uncovered 12 distinct attacks against Bitwarden, seven against LastPass, and six against Dashlane.
Password Manager Vulnerabilities Under Scrutiny
These newly identified attacks range in severity, from breaches that affect the integrity of a single user's vault to those that could lead to the complete compromise of every vault within an organization. The research uses a threat model in which the attacker controls a malicious server, and tests the ZKE implementations of these widely used password managers against it. Such vulnerabilities, if exploited, could undermine the core security assurances users expect from these services.
The study highlights several common design anti-patterns and cryptographic misconceptions as the root cause of these weaknesses. The researchers categorized the discovered attacks into four broad areas, illustrating the multifaceted nature of the security challenges facing zero-knowledge password managers.
Key Attack Vectors Identified in Password Managers
One significant category of attacks targets the “Key Escrow” account recovery mechanisms present in Bitwarden and LastPass. Vulnerabilities in the design of these recovery features could be exploited to undermine the confidentiality guarantees offered by the services. This means that compromised recovery processes might inadvertently expose sensitive encryption keys.
Additionally, the research points to flaws in item-level encryption, where individual data items and sensitive user settings are encrypted separately and often combined with unencrypted or unauthenticated metadata. This approach can lead to a variety of issues, including integrity violations, leakage of sensitive metadata, field swapping within vaults, and potential downgrade attacks on the key derivation functions (KDFs) used to generate encryption keys.
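The field-swapping problem described above comes from sealing each field on its own while the field names stored beside the ciphertexts are left unauthenticated. The following added example (constructed for this article, not code from any of the vendors or from the paper) shows the anti-pattern and the hardened form side by side: an encrypt-then-MAC construction built only from HMAC-SHA256 stands in for a real AEAD, and binding the item id and field name into the tag is what makes a swapped ciphertext fail to decrypt.

```python
"""Item-level encryption with and without authenticated field context.
Constructed teaching example; the HMAC-based 'cipher' is a stand-in for a real AEAD."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (toy stand-in for a block cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes, context: bytes) -> bytes:
    """Encrypt-then-MAC; the tag covers the context, nonce and ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, context + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes, context: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, context + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: context or ciphertext altered")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def _context(item_id: bytes, field: str, bind: bool) -> bytes:
    # Anti-pattern: empty context, so the plaintext field names next to the blobs
    # are unauthenticated. Hardened: item id and field name are bound into the tag.
    return item_id + b"|" + field.encode() if bind else b""

def encrypt_item(key: bytes, item_id: bytes, fields: dict, bind: bool) -> dict:
    return {f: seal(key, v.encode(), _context(item_id, f, bind)) for f, v in fields.items()}

def decrypt_item(key: bytes, item_id: bytes, enc: dict, bind: bool) -> dict:
    return {f: open_(key, b, _context(item_id, f, bind)).decode() for f, b in enc.items()}

def swap_goes_unnoticed(bind: bool) -> bool:
    """Return True if a stored item whose 'username' and 'password' blobs were
    exchanged on the server still decrypts cleanly on the client."""
    key = secrets.token_bytes(32)
    fields = {"username": "alice", "password": "correct horse battery staple"}  # constructed
    enc = encrypt_item(key, b"item-42", fields, bind)
    altered = dict(enc, username=enc["password"], password=enc["username"])
    try:
        out = decrypt_item(key, b"item-42", altered, bind)
    except ValueError:
        return False
    return out["username"] == fields["password"]
```

With `bind=False` the client silently accepts the rearranged item; with `bind=True` the first mismatched tag raises and the item is rejected.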
Sharing features within password managers also present a potential attack surface. The study found that exploiting these sharing functionalities could compromise both the integrity and the confidentiality of user vaults, allowing unauthorized access or modification of shared credentials.
Furthermore, backward compatibility with legacy code has been identified as a source of vulnerabilities. In the case of Bitwarden and Dashlane, flaws related to maintaining compatibility with older versions of their software could be exploited to conduct downgrade attacks, effectively forcing the use of less secure cryptographic protocols.
While 1Password was also found to be vulnerable to some item-level encryption and sharing attacks, the company characterized these as pre-existing architectural limitations that it has already publicly documented. Jacob DePriest, Chief Information Security Officer at 1Password, stated that the company's security team reviewed the paper and found no new attack vectors beyond those already known. He emphasized 1Password's commitment to continuously strengthening its security architecture and evolving it to counter advanced threat models, including those described in the research.
In response to the study’s findings, Bitwarden, Dashlane, and LastPass have all stated that they are implementing countermeasures. LastPass is reportedly working on enhancing its administrative password reset and sharing workflows to better mitigate intermediary threats. Dashlane has already patched an issue related to its encryption model, which could have allowed a downgrade if its servers were compromised. This patch involved removing support for legacy cryptography methods.
Bitwarden indicated that it is actively addressing all identified issues, with several already resolved or in active remediation. The company noted that three remaining issues have been accepted as intentional design decisions necessary for product functionality.
The ongoing scrutiny of password manager security underscores the critical nature of these tools in safeguarding digital identities. As vendors continue to refine their security practices in light of new research, users will be watching for further updates and assurances regarding the robustness of their encrypted vaults. The effectiveness of these mitigation efforts and their long-term impact on user security will be a key area to monitor in the coming months.