Vulnerabilities in password managers allow hackers to view and change passwords
A group of academic security researchers have detailed a set of vulnerabilities in four popular cloud-based password managers that could allow an attacker to view and change the passwords stored in a victim’s vaults.
The researchers, from ETH Zurich and the Università della Svizzera italiana (USI), in Switzerland, developed 27 successful attack scenarios targeting cloud-based password management services from Bitwarden, LastPass, Dashlane and 1Password.
The attacks ranged in severity from integrity violations to the complete compromise of all vaults in an organization, with many of these scenarios allowing attackers to recover passwords.
Read more at Infosecurity Magazine