For each of the tested password managers, the researchers managed to achieve vault compromise, including full vault compromise for Bitwarden and LastPass, and shared vault compromise for Dashlane. They demonstrated that in many cases an attacker could not only view users’ credentials but also modify them.

Password managers respond

Some of the vendors pointed out that the attack methods identified by the researchers require full compromise of a password manager’s servers and advanced skills to conduct cryptographic attacks. Dashlane told SecurityWeek that some of the findings require “either specific circumstances and/or an extremely significant window of time”.

The vendors have been notified and rolled out patches and mitigations for many of the vulnerabilities, but pointed out that some issues are difficult to address.

“When users share items, symmetric keys are encrypted with the recipient’s public keys. As with most server‑mediated end-to-end encrypted (E2EE) systems, this creates a structural dependency on the authenticity of the public key directory,” Dashlane’s Frederic Rivain explained in a blog post.

“If an attacker were able to substitute the user’s public key with their own, the attacker could gain access to the contents of shared items encrypted with the malicious public key.” Rivain added, “This is a known, industry‑wide challenge.”

Bitwarden noted that of the 10 issues reported by the researchers — each rated as having medium or low impact — seven have been or are in the process of being addressed. However, three of the flaws “have been accepted as intentional design decisions necessary for product functionality”.

LastPass told SecurityWeek that it appreciates the research but also suggested that it disagrees with some of the researchers’ assessments.

“While our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zurich team, we take all reported security findings seriously. We have already implemented multiple near‑term hardening measures while also establishing plans to remediate or reinforce the relevant components of our service on a timeline commensurate with the assessed risk,” a spokesperson stated.

1Password has also been analyzed and the researchers managed to achieve full compromise of vault confidentiality and integrity, allowing an attacker to obtain passwords and other sensitive data stored in the vault, as well as to add items to the vault.

However, Jacob DePriest, CISO and CIO of 1Password, told SecurityWeek that the attack vectors identified by the researchers had already been documented in the company’s publicly available Security Design White Paper.

“We are committed to continually strengthening our security architecture and evaluating it against advanced threat models, including malicious-server scenarios like those described in the research, and evolving it over time to maintain the protections our users rely on,” DePriest said.

He added, “For example, 1Password uses Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server-side attacks. More recently, we introduced a new capability for enterprise-managed credentials, which from the start are created and secured to withstand sophisticated threats.”
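Rivain’s point above, that server-mediated sharing makes every sharer depend on the server’s public key directory, is easiest to see in code. The following Go program is an added illustration written for this page; it is not code from Dashlane, any other vendor, or the ETH Zurich researchers. A sharer wraps a per-item symmetric key to the recipient’s X25519 public key fetched from a directory the server controls, the recipient unwraps it, and the sharing client pins the SHA-256 fingerprint of every recipient key it has used, so that a later substitution by the server is refused instead of silently wrapping the item key to the substituted key. All names in it (`Directory`, `Client`, `ShareItem`, `ErrKeyChanged`, the `vault-share-wrap-v1` derivation label) are assumptions of this example, and it needs Go 1.20 or newer for `crypto/ecdh`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrKeyChanged: the directory served a key that differs from the one pinned earlier.
var ErrKeyChanged = errors.New("recipient public key changed since it was pinned")

// Directory models the server-held public key directory; whoever runs the server controls every entry.
type Directory map[string][]byte

// Envelope is what the sharer uploads: the per-item key wrapped for the recipient.
type Envelope struct {
	EphPub  []byte // sender's one-time X25519 public key
	Nonce   []byte
	Wrapped []byte // AES-256-GCM(itemKey) under the ECDH-derived wrap key
}

// Client is one user's device: a long-term X25519 key plus the fingerprint of
// every recipient key it has accepted before (trust-on-first-use pinning).
type Client struct {
	priv *ecdh.PrivateKey
	pins map[string][32]byte
}

func NewClient() (*Client, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Client{priv: priv, pins: map[string][32]byte{}}, nil
}

// PublicKey is the value a client publishes to the directory on enrolment.
func (c *Client) PublicKey() []byte { return c.priv.PublicKey().Bytes() }

// LookupRecipient fetches a key from the directory and refuses it if it does not match
// the fingerprint pinned on an earlier share. Pinning only catches a later swap; a
// product would also let users compare fingerprints out of band.
func (c *Client) LookupRecipient(dir Directory, name string) ([]byte, error) {
	raw, ok := dir[name]
	if !ok {
		return nil, fmt.Errorf("no directory entry for %q", name)
	}
	fp := sha256.Sum256(raw)
	if pinned, seen := c.pins[name]; seen && pinned != fp {
		return nil, fmt.Errorf("%w: %q now %x, pinned %x", ErrKeyChanged, name, fp[:4], pinned[:4])
	}
	c.pins[name] = fp
	return raw, nil
}

// sharedAEAD runs X25519 between priv and peerRaw, then derives an AES-256-GCM key
// from the shared secret and the ephemeral public key (a one-step HKDF-style KDF).
func sharedAEAD(priv *ecdh.PrivateKey, peerRaw, ephPub []byte) (cipher.AEAD, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerRaw)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(append(append([]byte("vault-share-wrap-v1"), shared...), ephPub...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	return cipher.NewGCM(block)
}

// ShareItem wraps itemKey to whichever key the directory serves for recipient, after
// the pin check. This wrapping step is what a substituted directory entry subverts.
func (c *Client) ShareItem(dir Directory, recipient string, itemKey []byte) (*Envelope, error) {
	recipRaw, err := c.LookupRecipient(dir, recipient)
	if err != nil {
		return nil, err
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ephPub := eph.PublicKey().Bytes()
	gcm, err := sharedAEAD(eph, recipRaw, ephPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Envelope{EphPub: ephPub, Nonce: nonce, Wrapped: gcm.Seal(nil, nonce, itemKey, ephPub)}, nil
}

// ReceiveItem unwraps an envelope with this device's long-term key.
func (c *Client) ReceiveItem(env *Envelope) ([]byte, error) {
	gcm, err := sharedAEAD(c.priv, env.EphPub, env.EphPub)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Wrapped, env.EphPub)
}
```

Run it as a package under `go test` with a scenario that enrols two users, shares an item key once, then has the server replace the recipient’s directory entry: the second `ShareItem` returns `ErrKeyChanged` rather than an envelope. The limit of the check is visible in the same scenario: a device that has never shared with that recipient holds no pin, so it wraps the item key to whatever key the directory serves, which is why deployed systems pair pinning with out-of-band fingerprint comparison or a log of published keys.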

Source: SecurityWeek