Master password bypass vulnerability before export

@mrok Welcome to the forum!

This is not a previously unknown issue/vulnerability, because it is simply one of many ways to read the unencrypted vault contents that are contained in device memory while the vault is unlocked. It is well-known that it is trivial for a bad actor with physical access to a device that is running an unlocked Bitwarden client to extract a copy of the unencrypted vault contents. There is no need to do anything as complicated as what has been proposed by Mr. Pastusek; a simple memory dump will be sufficient.

It is the users’ responsibility to keep their vaults locked when not in use, and to secure their devices against access by unauthorized individuals. In a business environment, you could set up something like a group policy to enforce Dynamic Lock, so that computers are automatically locked when an employee steps away.

Since you’ve asked for “official clarification from Bitwarden”, I should make it clear that my comments are my own; I am not a Bitwarden representative, nor do I speak for them.

P.S. I have moved your post to the Ask the Community section of the forum, since it did not contain a feature proposal.