
Careful! Your passwords are in danger if you have used this password manager

Using a password manager is a good way to protect your passwords. It stores them, generates them correctly and saves you from having to memorize them, which gives us the freedom to use really strong passwords. The problem is that vulnerabilities sometimes arise and leave those passwords exposed. This is what has happened with Bitwarden, which is one of the most popular password managers.

A bug allows Bitwarden passwords to be stolen

If you have used Bitwarden to store your passwords, be careful because they could have been stolen. Specifically, hackers have been able to use iframes to steal passwords. They have been able to exploit the autocomplete function so that malicious iframes on trusted websites steal user credentials.

This is not new, but a group of security researchers from Flashpoint has indicated that legitimate web pages using iframes still exist and can be exploited by hackers.

But what exactly is this function? When you enter a website, for example a page to buy a product, you enter your data and passwords. The Bitwarden extension stores them so you don't have to type them again next time. Basically, it remembers them and saves us time when we log in again. Google's password manager has the same feature, for example.

The problem is that Flashpoint, while analyzing Bitwarden, detected that the extension also autofills forms defined in embedded iframes, something that can also happen with iframes from external domains. A malicious iframe can wait for the victim's data to be entered and forward it to a remote server controlled by the attackers.

But they detected a second problem. While investigating, they found that Bitwarden will also autofill credentials on subdomains of the base domain that match a login. This allows an attacker hosting a phishing website under a subdomain that matches a stored login to capture the credentials when the victim visits that site.
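The two matching behaviours described above can be compared as autofill decisions. This is an added example, not Bitwarden's code: the function names, the two-label `baseDomain()` shortcut and the `example.com` / `example.net` hosts are assumptions made for illustration.

```javascript
// Added example: a simplified model, not Bitwarden's code.
// Assumption: baseDomain() keeps the last two labels; a real extension
// would use the Public Suffix List (this is wrong for e.g. "co.uk").
function baseDomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Permissive model of the behaviour described: match the saved login against
// the tab's base domain and fill any form; frameUrl is deliberately ignored.
function permissiveAutofill(savedUri, topUrl, frameUrl) {
  const saved = new URL(savedUri);
  const top = new URL(topUrl);
  return baseDomain(saved.hostname) === baseDomain(top.hostname);
}

// Stricter policy: the document that receives the credentials must have
// exactly the saved origin (scheme, host, port) and must not be a
// cross-origin frame inside the tab.
function strictAutofill(savedUri, topUrl, frameUrl) {
  const saved = new URL(savedUri);
  const top = new URL(topUrl);
  const frame = new URL(frameUrl);
  if (frame.protocol !== "https:") return false;
  if (frame.origin !== saved.origin) return false;
  return frame.origin === top.origin;
}

// Constructed inputs; all host names are placeholders.
const SAVED = "https://login.example.com/";
const CASES = {
  samePage: ["https://login.example.com/", "https://login.example.com/signin"],
  subdomain: ["https://pages.example.com/", "https://pages.example.com/form"],
  foreignFrame: ["https://login.example.com/", "https://widgets.example.net/f"],
};

// Evaluate both policies for every case: [tab URL, URL of the form's frame].
function evaluate() {
  const out = {};
  for (const [name, [top, frame]] of Object.entries(CASES)) {
    out[name] = {
      permissive: permissiveAutofill(SAVED, top, frame),
      strict: strictAutofill(SAVED, top, frame),
    };
  }
  return out;
}

console.table(evaluate());
```

The permissive model fills all three cases, while the strict policy fills only the page whose origin is exactly the one saved with the login.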


How to avoid problems

Bitwarden has indicated that the autocomplete function is a potential risk and that it warns users about it. Compromised websites can abuse this feature. Our advice is that if you have used this password manager and have used this autocomplete feature, check your passwords carefully and change them to avoid problems.

You can always check if a password has been stolen and take action as soon as possible. However, our advice is always to periodically update your passwords. This is the best way to guard against vulnerabilities that may appear, not only in password managers but in any platform you use on the network.

Also, it's a good idea to enable two-factor authentication on all platforms where it is available. It's an extra security barrier that you can use to prevent attackers from breaking into your accounts even if they manage to steal the password. They will always need a second step. Using offline password managers is also a good idea to avoid external problems.

In short, as you can see, there has been a new problem that affects an important password manager such as Bitwarden. Taking precautions and acting correctly when problems arise is key to properly protecting accounts.
