Option to Autofill Only the Selected Text Box

Feature name

Option to Autofill Only the Selected Text Box

Feature function

Seeing the articles about the iframe Autofill vulnerability got me thinking about any way to avoid having passwords sent where I don’t expect them to. If there were a way to autofill (ideally via hotkey, as that is my preferred workflow) ONLY the currently-selected textbox, that would avoid this, I believe. Perhaps this could be implemented alongside the below-linked feature request (such as by adding a checkbox configured for each site so it can be enabled on sites that disabling autofilling iframes breaks the Autofill). This could also be done in the mobile apps, as well.

Related topics + references

The source of the BleepingComputer piece is an article from FlashPoint https://flashpoint.io/blog/bitwarden-password-pilfering/

The TLDR seems to be that BitWarden will auto-fill iframes from different origins without even showing a warning.

Problem is I don’t think there is an easy fix as some legit websites use iframes in this way.

Maybe BitWarden could show a warning for iframes from different origins.

1 Like

hi folks, as noted in another community reply there are additions to iframe autofilling to address all concerns in the release next week. as has been noted, cases of a malicious iframe on a trusted login page are extremely rare

3 Likes

That’s great to hear! I look forward to seeing how this is addressed.

1 Like