A group of academic security researchers have detailed a set of vulnerabilities in four popular cloud-based password managers that could allow an attacker to view and change the passwords stored in a victim’s vaults.<\/p>\n
The researchers, from ETH Zurich<\/a> and the Università della Svizzera italiana (USI), in Switzerland, developed 27 successful attack scenarios targeting cloud-based password management services from Bitwarden, LastPass, Dashlane and 1Password.<\/p>\n The attacks ranged in severity from integrity violations to the complete compromise of all vaults in an organization, with many of these scenarios allowing attackers to recover passwords.<\/p>\n These attack scenarios challenged the password management providers’ claims of offering ‘zero-knowledge encryption,’ which conveys the idea that the server storing the user vaults cannot learn anything about its contents, even if it is compromised.<\/p>\n The findings were published in a peer-reviewed paper<\/a> released on February 16 and will be the subject of a talk at the next USENIX Security Symposium<\/a>, which will be held in Baltimore, MD in August 2026.<\/p>\n The 27 attack scenarios developed by the researchers revealed common design anti-patterns and cryptographic misconceptions, including unauthenticated public keys, lack of ciphertext integrity, insufficient key separation and missing cryptographic binding between data and metadata.<\/p>\n They fell into four categories based on the password manager feature they exploited:<\/p>\n In total, the researchers presented 12 distinct attack scenarios against Bitwarden, seven against LastPass, six against Dashlane and two against 1Password.<\/p>\n They noted that, unlike the other three password managers, 1Password includes a high-entropy cryptographic key in the key derivation – which the company calls a “secret key” – alongside the master password a user needs to access its vaults and passwords.<\/p>\n This grants 1Password with a security advantage and means “brute-force attacks should be out of reach,” the researchers added.<\/p>\n Kenneth Paterson, professor at ETH Zurich’s Department of Computer Science and one of the lead authors of the paper, said that he and his colleagues were “surprised by the severity of the security vulnerabilities.”<\/p>\n He explained that his team had already discovered similar vulnerabilities in other cloud-based services but had assumed a significantly higher standard of security for password managers due to the critical data they store.<\/p>\n “Since end-to-end encryption is still relatively new in commercial services, it seems that no one had ever examined it in detail before,” he said.<\/p>\n An example of an attack developed by the researchers was a ‘malicious auto-enrolment’ attack against a cloud-based Bitwarden vault (BW01).<\/p>\n This exploited a critical flaw in Bitwarden’s organization onboarding process, where an adversary controlling the server could silently hijack a user’s vault the moment they accepted an invitation, even from a trusted source.<\/p>\n The core issue was in the lack of integrity protection for organization data fetched during onboarding, including policies and cryptographic keys. When a user joins an organization, their client blindly trusts the server’s response, allowing an attacker to manipulate it.<\/p>\n By enabling auto-enrolment in the account recovery policy and swapping the organization’s legitimate public key with their own, an attacker could force the client to encrypt the user’s master key under the malicious key, handing it over without resistance.<\/p>\n The attack unfolds in three key steps.<\/p>\n With the user’s master key in hand, the attacker could gain full access to all stored passwords, notes, and sensitive data, as well as the ability to modify or delete entries undetected.<\/p>\n The impact can be severe: a single compromised server can lead to the mass compromise of users, even if they join legitimate, trusted organizations.<\/p>\n Worse, the attack scales exponentially. If an attacker breaches one<\/em> user in an organization, they gain access to the organisation’s private key, which could be shared among several members of their team.<\/p>\n The researchers disclosed their findings to Bitwarden, LastPass and Dashlane through a coordinated 90-day disclosure process that included detailed descriptions of all vulnerabilities.<\/p>\n They also offered support through video conferences, email exchanges and patch review.<\/p>\n All three vendors notified the researchers that remediation of these vulnerabilities is underway.<\/p>\n 1Password, also made aware of the two attack scenarios performed by the researchers against their services, did not request an embargo period but said the company regards the vulnerabilities as “arising from already known architectural limitations.”<\/p>\n The researchers noted that they have “no reason to believe” that the password manager vendors are currently malicious or compromised and that passwords “are safe as long as things stay that way.”<\/p>\n “That said, password managers are high-value targets, and breaches do happen,” the researchers added.<\/p>\nAttacking End-to-End Encryption Claims<\/strong><\/h2>\n
\n
Malicious Auto-Enrolment Against Bitwarden <\/strong><\/h2>\n
\n
Remediation Underway at Bitwarden, LastPass and Dashlane <\/strong><\/h2>\n
Mitigation Recommendations<\/strong><\/h2>\n