Unauthorized access to unlocked vault and decrypted data in memory

While the vault is locked the data is secured. What is the situation when I set vault lock time to 5 minutes and started working in other app while BW is running in background with vault unlocked for 5 minutes. Provided there are no keyloggers and malware.

  1. Can any open apps or OS (all OS) to access my vault data?
  2. Is it possible for any open apps (running in foreground or background) or OS (all OS) to access the decrypted data in memory?
  3. What kind of security is provided by BW while data is decrypted?

Any process running as User (or with higher privileges) can access your decrypted vault contents from memory while the vault is unlocked. Therefore, it is your responsibility to keep your vault locked while not in use, and to keep malware off any devices on which you use Bitwarden.

The only security provided by Bitwarden while the vault is unlocked (i.e., decrypted) is to optionally enforce a master password reprompt for viewing passwords (and other hidden data), a measure which may prevent “crimes of opportunity” by curious individuals who have no special knowledge but who may decide to click around in the UI of an unlocked and unattended Bitwarden app.


It will be better if Bitwarden implements Memory protection, process isolation, secure storage mechanism and secure memory management to reduce this risk. Also I think sandboxing is better in Android ,iOS & Linux kernel compared to Windows.

I should clarify that the response I gave above about memory access is specifically for Windows operating systems; I do not know how other operating systems behave with regards to this issue.

If you have any ideas for how to improve the Bitwarden codebase, I would encourage you to become a contributor. To get started, please refer to the following information:

1 Like

Windows doesn’t have the best security mechanisms to protect against malware, including keyloggers, that can evade antivirus/anti-malware software. If malware is running while Bitwarden is unlocked, anything can happen. This is a problem with most other password managers as well. Some password managers may have better protection against certain types of malware, like autotyping against keyloggers.

Bitwarden does use OS-provided security features, like Data Execution Prevention, Address Space Load Optimization, and Control Flow Guard, but these features are mostly just a hassle to unsophisticated malware.

To protect your passwords on Windows, you should do your best to keep malware off your system. This may mean uninstalling unmaintained software, only using software from the most reputable sources, and keeping an eye on all the software you use in case it becomes compromised or is part of a supply-chain attack. This can be difficult for the average user, so if you want a better guarantee of security, you should use an OS with more restrictive security models. However, this may not be an option for everyone, especially techies who believe they should be allowed to do anything they want on their devices.

1 Like