Higher MITM risk using web vault

As it was requested at GitHub, there’s a higher risk of attack on the web vault.

Description

When using the web vault, the passwords are decrypted locally and the master password isn’t sent to the servers. This is secure.

If Bitwarden servers were hacked, yes, the hacker can’t do anything with the data, as it is encrypted, but he could inject JavaScript that sends your master password to some server.

Possible solution

I can’t really think of any solution to this problem. But as it was mentioned at GitHub, the web vault could encourage users to use the extension or the app, as the risk of them being hacked and uploaded to the app stores / browser extensions is smaller.

Further problems

Although warning about the web vault could increase the security a little bit, there are other open attack vectors. One of them would be replacing the applications from https://bitwarden.com/download/ with malicious ones (this wouldn’t require uploading to app stores / browser extensions). I think this is more of a general problem with password managers, so I don’t know if this could ever be solved.

Bitwarden is hosted on Azure and it is managed, so I would say that the possibility of such an attack is small, but still, no system can ever be 100.00% secure.

Don’t all web clients suffer the same problems? Proton Mail, Tutanota, WhatsApp, etc.
The web vault is important and essential for managing organizations, collections, etc. A lot of policies are also managed from the web vault, which cannot be done from any other client.


Yes, they do, they all are susceptible to this. The question is, is there any way of making it more secure? I can’t think of any. The web page might be HTTPS, but the user has to always trust that the server wasn’t compromised.

I understand the importance of the web vault. I personally use it too. I don’t mean it to be replaced.

How about placing an onion link to the website on Tor, offering those interested a full onion URL? That way there is no clearnet for those users. Granted many users will NOT consider this because of the perception of more rigor, but actually Tor is a pussycat once you start using it.


That’s actually a good idea. It doesn’t do much for the issue of the server itself being compromised, but I believe your idea deserves its own feature request (although in conjunction with Tor I would use something like KeePassXC instead).