Bitwarden - The unofficial Bitwarden community

904 readers

1 users here now

Please do note that this an unofficial community.

Bitwarden - Open source password manager

Bitwarden is an open source password management platform for individuals, teams, and business organizations.

founded 3 years ago

MODERATORS

[email protected]

Bitwarden Windows Client vulnerability prior to 2023.4.0: CVE-2023-27706 (sh.itjust.works)

submitted 1 year ago by [email protected] to c/[email protected]

0 comments fedilink hide all child comments

https://nvd.nist.gov/vuln/detail/CVE-2023-27706

Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault if you are using Windows Hello and are not on the latest version. The Bitwarden Windows client before version 2023.4.0 is affected.

Details here: https://hackerone.com/reports/1874155

(shamelessly stolen from reddit)

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here