LastPass Vault De-obfuscator

For those of you who do not listen to the Security Now Podcast, Steve Gibson has published a way to get, download and de-obfuscate your old LastPass vault. This will allow you to make an Excel spreadsheet of what was there, and for me allows me to mark the passwords that were mission critical and that I have changed.


Apologies for the off-topic response, but the fact that it is possible to do this (execute some JavaScript that creates a vault dump) seems like a security vulnerability to me.

Therefore, I’m wondering whether it would be possible to do something similar in Bitwarden. If so, what safeguards are there that prevent a malicious website or browser extension from using this approach to access the vault contents?

You can download the code and modify it if applicable. If you are not familiar with the podcast, I would strongly recommend it. Steve spent 2h last week on LastPass and I have not heard this week yet, but it is the follow-up.

It is part of the TWIT (This Week in Technology) network and I believe they are supporting Bitwarden. They are embarrassed because they supported LP when it came out…

There is a story to the code, whose creation was facilitated by AI… hence it got out fast…

Have we learned how attachments to notes were treated? Might they have been separate from the vault data?