Hello , my query is related to this topic.
I was looking for a clarification regarding the website-icon cache that is stored locally on our computer (and not about fetching the websites-icons from the endpoints.)
Unfortunately the help article “Privacy when using Website Icons | Bitwarden Help & Support” does not mention anything about the security of local cached storage of website icons.
On doing some checks myself , i found that the website icons were stored in an unencrypted format in the cached local storage, which could be viewed with any image viewer irrespective of lock state of the vault. Though some of them threw unsupported error but still could manage to see some of the web-icons. The directory i am referring to in case of windows is C:\users\user\AppData\Roaming\Bitwarden\Cache.
It would be great if there was some clarification regarding this.
If its the case as i indicated above , then it might be good idea to disclose it somewhere as to enable users to be better aware about their privacy/security threats.
For example- This might helpful for a user to decide, whether to keep website-icons on or off on a work computer/ etc.
I hope this would be clarified soon.
Thanks