Forbes cites Flashpoint’s Bitwarden password pilfering research.
“Newly published research from threat intelligence experts, Flashpoint, has suggested that Bitwarden falls short in one particular area: the auto-filling of credentials within embedded iframes.”
Flashpoint researchers told Forbes that Bitwarden’s autofill behavior could allow credentials to be captured via malicious iframes and subdomains.
What Bitwarden security issue did Flashpoint uncover?
Flashpoint researchers found that Bitwarden’s browser extension would autofill saved credentials into login forms inside embedded iframes, even when the iframe’s content was served from a different domain than the page the user was visiting. Because the autofill decision keyed on the domain of the visible page rather than on the origin of the frame holding the form, this behavior could enable credential theft under specific hosting conditions, for example when an attacker controls content under a subdomain of a trusted domain.
Why does iframe-based autofill increase password theft risk?
Iframes and subdomains are commonly abused in phishing and credential-harvesting attacks because the address bar shows a trusted site while the form itself is controlled by someone else, and an autofill decision based only on that trusted address inherits the same blind spot. Flashpoint noted that some hosting providers allow attackers to host arbitrary content under trusted base domains, so a login saved for one site on such a domain can be matched against a page or frame the attacker controls.
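The two decisions described above (filling into a cross-origin iframe, and matching any subdomain of a trusted base domain) can be made concrete with a toy autofill policy. This is an added example written for this page, not Bitwarden’s or Flashpoint’s code. It assumes a "base domain" match means the last two DNS labels agree (a simplification; a real extension would consult the Public Suffix List) and that the extension can see both the top-level page origin and the origin of the frame containing the login form. The scenario inputs are constructed and do not refer to real sites.

```javascript
// Added example, not Bitwarden's or Flashpoint's code. Demonstrates why an
// autofill policy keyed on the top-level page's base domain alone is unsafe,
// next to a stricter policy that also checks the frame's origin.

function hostOf(origin) {
  return new URL(origin).hostname.toLowerCase();
}

// Simplified base-domain extraction (assumption: last two labels; a real
// implementation would use the Public Suffix List).
// "accounts.example.com" -> "example.com"
function baseDomain(hostname) {
  const labels = hostname.split(".");
  return labels.slice(-2).join(".");
}

// Policy A, the permissive behaviour described on this page: the decision is
// keyed on the top-level page's base domain and ignores the frame's origin.
function permissiveAutofill(topOrigin, _frameOrigin, savedUri) {
  return baseDomain(hostOf(topOrigin)) === baseDomain(hostOf(savedUri));
}

// Policy B, the hardened form: the frame holding the form must be same-origin
// with the top-level page, and its hostname must match the saved login exactly.
function strictAutofill(topOrigin, frameOrigin, savedUri) {
  const sameOrigin = new URL(topOrigin).origin === new URL(frameOrigin).origin;
  return sameOrigin && hostOf(frameOrigin) === hostOf(savedUri);
}

// Constructed scenarios (hypothetical hosts, not real sites or incidents).
const SAVED_LOGIN_URI = "https://accounts.example.com/login";

const SCENARIOS = {
  // The real login page, form in the top-level document.
  legitimate: {
    top: "https://accounts.example.com",
    frame: "https://accounts.example.com",
  },
  // A page on the trusted base domain embeds a third-party login form.
  crossOriginIframe: {
    top: "https://www.example.com",
    frame: "https://forms.evil-cdn.test",
  },
  // A hosting provider hands out *.example.com subdomains to arbitrary users.
  attackerSubdomain: {
    top: "https://attacker.example.com",
    frame: "https://attacker.example.com",
  },
};

// Run one policy over every scenario; returns { scenarioName: wouldFill }.
function evaluate(policy) {
  const out = {};
  for (const [name, s] of Object.entries(SCENARIOS)) {
    out[name] = policy(s.top, s.frame, SAVED_LOGIN_URI);
  }
  return out;
}

console.log("permissive:", evaluate(permissiveAutofill));
console.log("strict:    ", evaluate(strictAutofill));
```

The permissive policy fills in all three scenarios; the strict policy fills only for the legitimate page. The trade-off is that a strict policy also blocks legitimate flows where a site embeds its own login form from another origin or subdomain, which is why this kind of behaviour is usually exposed to the user as a matching setting rather than hard-coded one way.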
How does Flashpoint help users and vendors mitigate password manager risks?
Flashpoint analysts investigate real-world exploitation paths and responsibly disclose findings to vendors and the public. Additional technical guidance is available in Flashpoint’s analysis of Bitwarden autofill abuse.
