I doubt that this ability is provided for by design. The only useful purpose that I can imagine is that if you have an alternative way of accessing your Web Vault (e.g., Login with Passkey, or Login with Device), then requesting take-over access to your own account may provide you with a mechanism to reset your master password if you have forgotten it (Note: I haven’t tested this — it might fail if the user is asked to provide their master password when initiating an emergency access request, but I think that for users who logged in to the Web Vault without a master password, they would be prompted for an email verification code instead).
To me, the real question is whether having this capability can cause any harm (in which case it would make sense to petition Bitwarden to implement a block to such self-assigned emergency access). A cursory review of the whitepaper suggests that it could potentially allow an attacker who gains access to (or is able to crack) the user’s RSA public key to then obtain the User Symmetric Key.
@Micah_Edelblut In connection to that: I never tested this, but is there a check (and blocker) when you try to change your BW account email address to one of your emergency contacts? – If not, this should also be looked at then.
@Micah_Edelblut Ah, right! But hypothetically: if that BW account would be deleted in between, it does not get automatically removed from the emergency contacts, right? Could then still be a loophole, as then a BW account email address change could be possible? (or maybe I’m just talking rubbish this morning…)
Unless you have a quantum computer with a significant number of qubits (such a device does not exist currently), access to the public key does not give you a known way to get the user symmetric key from the public-key-encrypted user symmetric key.
Essentially, we are saying “there is a [safe] key-sharing-mechanism, and instead of user A sharing to user B, it is user A sharing to user A”. If user A sharing to user A were attackable merely by knowing the public key, then user B sharing to user A would also be attackable in the same way, and emergency access would not be safe as a feature. Sharing it to yourself does not add any additional threat.
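The "A shares to A" argument above, as an added example that is not Bitwarden's code and not from the whitepaper: a user symmetric key is wrapped under the grantee's RSA public key and can only be unwrapped with the matching private key, so the self-grant case runs the identical path as a grant to someone else. RSA-OAEP with SHA-256, the 2048-bit key size and the OAEP label are assumptions made for the demo, not Bitwarden's actual parameters.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// oaepLabel is a constructed context string for this demo; the real protocol's
// OAEP parameters are not stated on the page.
var oaepLabel = []byte("emergency-access-user-key")

// WrapUserKey is the grantor's step: the user symmetric key is encrypted under the
// grantee's RSA public key. Holding the public key only lets you encrypt.
func WrapUserKey(userKey []byte, granteePub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, granteePub, userKey, oaepLabel)
}

// UnwrapUserKey is the grantee's step and requires the matching private key.
func UnwrapUserKey(wrapped []byte, granteePriv *rsa.PrivateKey) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, granteePriv, wrapped, oaepLabel)
}

// Roundtrip models one emergency-access grant to `grantee`. It returns the key the
// grantee recovers and whether an unrelated key pair (`outsider`, who like everyone
// else can see the grantee's public key) could also recover it. Passing the grantor's
// own key pair as `grantee` is the "user A sharing to user A" case: same code path.
func Roundtrip(userKey []byte, grantee, outsider *rsa.PrivateKey) ([]byte, bool, error) {
	wrapped, err := WrapUserKey(userKey, &grantee.PublicKey)
	if err != nil {
		return nil, false, err
	}
	got, err := UnwrapUserKey(wrapped, grantee)
	if err != nil {
		return nil, false, err
	}
	_, outsiderErr := UnwrapUserKey(wrapped, outsider) // OAEP decryption fails, no key
	return got, outsiderErr == nil, nil
}

func main() {
	userKey := bytes.Repeat([]byte{0x42}, 32) // constructed 256-bit user symmetric key
	a, _ := rsa.GenerateKey(rand.Reader, 2048) // user A
	b, _ := rsa.GenerateKey(rand.Reader, 2048) // a bystander who only sees A's public key
	got, outsiderOK, err := Roundtrip(userKey, a, b) // A grants emergency access to A
	if err != nil {
		panic(err)
	}
	fmt.Println("self-grant recovered:", bytes.Equal(got, userKey), "bystander recovered:", outsiderOK)
}
```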