Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those...

Study Uncovers 25 Password Recovery Attacks in Major Cloud Password Managers

A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions. "The attacks range in severity from integrity violations to the complete compromise of all vaults in an...

EUVD-2017-3269

Malware in sbrugna...

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2025-59343 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2025-59343 Source advisory: OSV:GHSA-VJ76-C3G6-QR...

@capriza/far (>=0.1.2 <=2.4.2), @cobalt-engine/cobower (=2.0.0) +387 more potentially affected by CVE-2024-12905 via tar-fs (>=0.1.8 <=1.16.3)

tar-fs NPM version =0.1.8, =0.1.2, =6.0.3, =6.0.3, =6.0.3, =2.1.1, =0.10.2, =0.0.0-beta.1, =0.0.0-beta.1, =0.0.0-beta.1, =0.1.0, =0.1.0, =1.0.5, =1.1.2 - @elm-node/npm-scripts =1.0.0 - @hlsrules-test/fc-libreoffice =1.0.0 and more Source cves: CVE-2024-12905 Source advisory: OSV:GHSA-PQ67-2WWV-3X...

Malicious code in dashlane-vscode (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79f2a48c1181725012456cc91fb5af9013cdea7e6e5b193c8cd5947f247a4d52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10905 Malicious code in dashlane-vscode (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 79f2a48c1181725012456cc91fb5af9013cdea7e6e5b193c8cd5947f247a4d52 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-3781

Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data. This issue affects : Remote...

Devolutions Remote Desktop Manager 安全漏洞

Devolutions Remote Desktop Manager is an application from Devolutions Canada. It provides remote desktop management functionality. A security vulnerability exists in Devolutions Remote Desktop Manager version 2022.3.7 and prior versions, which stems from Dashlane passwords and Keepass Server...

PT-2022-24088 · Devolutions +1 · Devolutions Remote Desktop Manager +2

Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2022.2.26 and prior Devolutions Server versions 2022.3.1 and prior Description: The issue concerns the lack of encryption for Dashlane password and Keepass Server password in My Account Settings,...

blog.dashlane.com Improper Access Control vulnerability OBB-1202272

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Dashlane's Super Bowl Ad Proves Password Managers Have Arrived

A company you’ve never heard of is spending millions of dollars to let you know it can make your online life easier...

Get 4 Essential CyberSecurity Software For Less Than $10 Per Month

Major data breaches and cyber attacks are occurring at an alarming rate, and if you are still not using a VPN and password manager app, you are seriously out of excuses. Not just VPN software and a password manager, cybersecurity experts also recommend using antivirus and backup solutions to...

Get Dashlane Password Manager Premium (50% + 10% OFF)

Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your passwor...

Get Dashlane Password Manager Premium (50% + 10% OFF)

Happy 'World Password Day'! Today is a good time for you to audit your password practices and stop using terrible passwords to protect your online accounts. Experts advice that: Your password must—be long Your password must—be unpredictable Your password must—have at least one number Your passwor...

Dashlane Local Privilege Vulnerability

Dashlane is a system security software for the mobile platform from Dashlane Inc. There is a security vulnerability in Dashlane. A local attacker can exploit this vulnerability by placing the WINHTTP.dll file in the %APPDATA%Dashlane directory...

Directory traversal

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory...

CVE-2017-11657

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory...

CVE-2017-11657

Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory...

CVE-2017-11657

Dashlane on Windows is affected by a local privilege escalation (DLL hijacking) vulnerability: a local attacker could place a malicious WINHTTP.dll in %APPDATA%\Dashlane to gain higher privileges. The linked sources describe DLL hijacking as the method and indicate the vulnerability arises from h...