I base my claim on the fact that I can run a portable memory editor in user space of standard user, and without any kind of UAC elevation or operating system exploits, the memory editor can read the unencrypted memory of a Bitwarden vault running in the same user space. What is to stop a keylogger from doing the same thing?
I stand corrected, my apologies; thanks for sharing. Iâve clearly got more reading to do on this subject.
Though, perhaps Bitwarden could encrypt its RAM via the TPM? That might not be viable in JavaScript/without native code managing the vault though.
1 Like
My understanding is the hardware security keys like Yubikey when using WebAuthn (not OTP) provide resistance to keylogging. Doesnât mean there are not other attack vector available if malware has taken over your computer.
Would something like keyscrambler help here?
For software keyloggers - yes. But there could also be a hardware keylogger which only has access to keyboard input.
1 Like