Password managers less secure than promised
ethz.ch
Researchers from ETH Zurich have discovered serious security vulnerabilities in three popular, cloud-based password managers. During testing, they were able to view and even make changes to stored passwords.
  • Millions of people use password managers. They make accessing online services and bank accounts easy and simplify credit card payments.
  • Many providers promise absolute security – the data is said to be so encrypted that even the providers themselves cannot access it.
  • However, researchers from ETH Zurich have shown that it is possible for hackers to view and even change passwords.
  • felbane@lemmy.worldEnglish
    1·
    1 小时前

    This is what Bitwarden claims to do, and yet we have a paper showing that with a compromised server there exists a vulnerability:

    Their attacks ranged from integrity violations affecting specific, targeted user vaults to the complete compromise of all vaults within an organisation using the service. In most cases, the researchers were able to gain access to the passwords – and even make changes to them.

    • iglou@programming.devEnglish
      1·
      46 分钟前

      What they claim to do and what they do is not necessarily the same. If done properly, the server does not need to be trusted.