Bitwarden Heist - How to Break into Password Vaults Without Using Passwords

blog.redteam-pentesting.de Bitwarden Heist - How to Break into Password Vaults without Using Passwords

Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …

Hacker News @derp.foo haxor @derp.foo

BOT

10 mo. ago

Bitwarden Heist – How to Break into Password Vaults Without Using Passwords

blog.redteam-pentesting.de /2024/bitwarden-heist/

Security @lemmy.ml pimterry @lemmy.world 10 mo. ago

Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords

blog.redteam-pentesting.de /2024/bitwarden-heist/

Cybersecurity @sh.itjust.works pimterry @lemmy.world 10 mo. ago

Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords

blog.redteam-pentesting.de /2024/bitwarden-heist/

2 comments

That's scary, I use Bitwarden. But it sounds like for this to work the attacker needs to have already compromised the organization's domain controller and the user needs to have enabled biometrics, which I never do.
- Permanently Deleted
  
  Yea. I stopped reading after "Windows Hello".
- The article completely dismissed the process of compromising the domain controller for reasons that aren't clear to me, but they are clearly trying to say that it was so easy they consider it SOP as a first step for pen testing.