I’m not sure if this is the correct place to post the following, however I have reported to bitwarden what I consider a relatively serious bug, which has been confirmed by their team, but has not yet been patched, after a couple months, as far as I can tell. I would like to know if others are able to produce this bug.
Environment: ios 13, safari browser (tested on iphone and ipad)
Situation: navigate to any website which you have user accounts saved (eg. google.com), and navigate to the login screen, click on on the user/password field, at which point the password manager will be activated (this might behave slightly differently depending on if you have enabled autofill enabled). Since I have autofill enabled, if will show me a list of all the user accounts saved to my vault that are associated with this url.
Hopefully, I don’t have to point out why is an undesirable security/privacy bug.