Bitwarden Security Breach

Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A security vulnerability exists in Bitwarden Desktop version v.2023.5.1, which originated from a vulnerability that allows a local attacker to obtain sensitive information via bitwarden.exe...

CVE-2023-38840

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process...

PT-2023-26623 · Bitwarden · Bitwarden Desktop

Name of the Vulnerable Software and Affected Versions: Bitwarden Desktop versions 2023.7.0 and below Description: The issue allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. A local attacker can exploit this to gain access to sensitive data...

CVE-2023-38840

CVE-2023-38840 affects Bitwarden Desktop versions 2023.7.0 and earlier. The vulnerability allows a local attacker to obtain sensitive information via the Bitwarden.exe process. The description and connected sources confirm a local-access information disclosure vector, but the documents do not spe...

SUSE CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

Code injection

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

PT-2023-21302 · Bitwarden · Bitwarden Windows Desktop Application

Name of the Vulnerable Software and Affected Versions: Bitwarden Windows desktop application versions prior to v2023.4.0 Description: The issue concerns the storage of biometric keys in the Windows Credential Manager by the Bitwarden Windows desktop application, making them accessible to other...

CVE-2023-27706

Summary: CVE-2023-27706 affects the Bitwarden Windows desktop client prior to v2023.4.0. The issue is that biometric keys were stored in Windows Credential Manager, making them accessible to other local unprivileged processes. This creates a risk of unauthorized access to biometric material used ...

Bitwarden 安全漏洞

Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A security vulnerability exists in Bitwarden Desktop version v1.20.0 and prior versions, which stems from storing biometric keys in plaintext, allowing a local attacker to decrypt the entire local vault...

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

CVE-2023-27706

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes...

Bitwarden: Bypass for forced re-authentication upon biometrics change

A vulnerability allowed an attacker with physical access to a phone to bypass biometric authentication in the Bitwarden app, granting access to view and delete passwords...

CVE-2018-25081

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...

CVE-2018-25081

Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations e.g., an apple.com IFRAME element on the icloud.com website and that "Auto-fill on page load" is not...

CVE-2023-27974

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. NOTE: the vendor's position is that "Auto-fill on page load" is not enabled by default...