Is there any change that another program can read Bitwarden memory?


This morning, I started my laptop, and Kaspersky reported that it previously failed to start.
It wanted to send logs about OS operations and some other debugging data to Kaspersky.

This makes me wonder if other programs can read the memory of Bitwarden.

As I understand, Bitwarden retains the encryption key in memory after I log in then lock the vault, if I opt to use PIN or Windows Hello to unlock the vault.

I found some reports state that in Windows programs running with the same user ID can read memory of each other.

Does anyone have a deep understanding about this?


I cannot answer this, but it is something that concerns me also - not just regarding Bitwarden, but other password managers too. For that reason I always log out of Lastpass (my current PW manager) before even thinking about uploading any logs or running any sorts of diagnostics which may send data somewhere. Maybe I am paranoid and no such precautions are necessary but when your vault holds the MOST sensitive of data, I think it’s right to be paranoid.


In the context of Application A reading Application B’s memory - under ‘normal’ circumstances, it’s not readily accessible (but depending on OS, permissions, etc. - that could be different - and anyone with further understanding/details, please chime in).

That being said, other applications can use tools and mechanisms to gain access to that memory - which is why using a compromised device makes most security practices moot.

Is it something that upstanding companies and applications would do? I’d say not normally, and probably not in a malicious way if they did, but it is always better to take caution if you feel the need to.

1 Like


Thanks for update and quick reply, Really appreciate for help.

It’s dependent on many factors, including OS, OS version, patches installed, firmware, hardware, how the user is logged in, software that is installed, networks being used, and how each of those elements is configured. Even with everything done using best practices, weaknesses and exploits (and possibly backdoors) will likely still exist.

There are literally hundreds of millions of devices out there on which an application can perform direct memory access to read the memory of any other application.

Personally, I only recommend sending logs or telemetry in which you can verify every byte of data being transmitted and understand the meaning and purpose of each of those bytes. That means if the data being transmitted is encrypted, having the cipher and keys to that encryption protocol.

Thank everyone for giving me answers/advices.

I am storing my crypto seed in Note section of Bitwarden. I like the feature Hidden Field in Note.

I decide that antivirus software is trust worthy.
And as I am pretty careful when installing softwares on my PCs, I am quite sure that it is clean. As long as these PCs are clean, I should not worry.