Article: Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords

Just found a rather eye-opening article that I think people here would be interested in:

Beware that - as the article points out - this has been independently discovered, reported, and fixed nearly a year ago and disclosed half a year ago.

Here is a copy of Bitwarden founder @kspearrin’s statement when this vulnerability was previously discussed on Reddit 6 months ago:


Also, here is a link to the Reddit community’s discussion of the RedTeam Pentesting blog article:

1 Like

I never said or implied that BitWarden was still vulnerable, and anybody who reads the first paragraph of the article will see that as well.

Nonetheless, it’s an interesting read, not just because it involves BitWarden, but also because it highlights a potential exploit vector through an AD controller that people might not realize exists.

1 Like