A new study has found that multiple cloud-based password managers, including Bitwarden, Dashlane, and LastPass, are susceptible to password recovery attacks under certain conditions.
“The attacks range in severity from integrity violations to the complete compromise of all vaults in an organization,” researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson said. “The majority of the attacks allow the recovery of passwords.”
It’s worth noting that the threat model in the study from ETH Zurich and Università della Svizzera italiana assumes a malicious server, and that the work aims to examine the zero-knowledge encryption (ZKE) promises made by the three solutions. ZKE is a cryptographic technique that allows one party to prove knowledge of a secret to another party without actually revealing the secret itself.
ZKE is also a little different from end-to-end encryption (E2EE). While E2EE refers to a method of securing data in transit, ZKE is mainly about storing data in an encrypted format such that only the person with the key can access that information. Password manager vendors are known to implement ZKE to “enhance” user privacy and security by ensuring that the vault data cannot be tampered with.
However, the latest research has uncovered 12 distinct attacks against Bitwarden, seven against LastPass, and six against Dashlane, ranging from integrity violations of targeted user vaults to a total compromise of all the vaults associated with an organization. Collectively, these password management solutions serve over 60 million users and nearly 125,000 businesses.
“Despite vendors’ attempts to achieve security in this setting, we uncover several common design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities,” the researchers said in an accompanying paper.
The attacks fall under four broad categories:
- Attacks that exploit the “Key Escrow” account recovery mechanism to compromise the confidentiality guarantees of Bitwarden and LastPass, resulting from vulnerabilities in their key escrow designs.
- Attacks that exploit flawed item-level encryption, i.e., encrypting data items and sensitive user settings as separate objects, often combined with unencrypted or unauthenticated metadata, resulting in integrity violations, metadata leakage, field swapping, and key derivation function (KDF) downgrade.
- Attacks that exploit sharing features to compromise vault integrity and confidentiality.
- Attacks that exploit backwards compatibility with legacy code, resulting in downgrade attacks in Bitwarden and Dashlane.
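The second category above is easiest to see in code. When each field of a vault item is encrypted as its own blob and the authentication tag covers only the ciphertext, the storage server can swap blobs between fields (or between items) and the client will decrypt them without complaint. Binding the item identifier and field name into the tag makes such a swap fail verification. The following is an added illustration written for this article; it is not code from the paper or from any of the vendors discussed. It uses a toy HMAC-based stream cipher in place of the AES-based encryption a real vault uses, and the item ids, field names and key bytes are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import secrets
from typing import NamedTuple


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 in counter mode. Stands in for a real cipher (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class SealedField(NamedTuple):
    nonce: bytes
    ciphertext: bytes
    tag: bytes


def _context(item_id: str, field_name: str, bind_context: bool) -> bytes:
    # The metadata that identifies where this blob belongs. When bind_context is False
    # it is left out of the MAC input, which is the unauthenticated-metadata pattern.
    return item_id.encode() + b"\x00" + field_name.encode() if bind_context else b""


def seal_field(enc_key: bytes, mac_key: bytes, item_id: str, field_name: str,
               value: bytes, bind_context: bool = True) -> SealedField:
    """Encrypt-then-MAC one vault field. The tag covers (context, nonce, ciphertext)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(value, _keystream(enc_key, nonce, len(value))))
    msg = _context(item_id, field_name, bind_context) + nonce + ct
    tag = hmac.new(mac_key, msg, hashlib.sha256).digest()
    return SealedField(nonce, ct, tag)


def open_field(enc_key: bytes, mac_key: bytes, item_id: str, field_name: str,
               sealed: SealedField, bind_context: bool = True) -> bytes:
    """Verify the tag against the field the client *expects* the blob to be, then decrypt."""
    msg = _context(item_id, field_name, bind_context) + sealed.nonce + sealed.ciphertext
    expected = hmac.new(mac_key, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed.tag):
        raise ValueError("integrity check failed")
    ks = _keystream(enc_key, sealed.nonce, len(sealed.ciphertext))
    return bytes(a ^ b for a, b in zip(sealed.ciphertext, ks))


def field_swap_detected(bind_context: bool) -> bool:
    """Store a 'username' and a 'password' field as separate blobs, then simulate the
    server handing back the password blob in the username slot. Returns True if the
    client rejects the swapped blob, False if it silently decrypts it."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    item = "item-42"  # constructed item id
    sealed_pass = seal_field(enc_key, mac_key, item, "password", b"hunter2", bind_context)
    # Client asks for the username field; the server returns the password blob instead.
    try:
        open_field(enc_key, mac_key, item, "username", sealed_pass, bind_context)
        return False  # swap accepted: a secret now lands in a non-secret field
    except ValueError:
        return True


if __name__ == "__main__":
    print("swap detected without context binding:", field_swap_detected(False))
    print("swap detected with context binding:   ", field_swap_detected(True))
```

The same pattern generalises to any metadata a client acts on before or after decryption: if the item id, field name, owner or organisation id are not under the tag, the server can move ciphertexts around without the client noticing, which is what makes field swapping and metadata manipulation possible.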
The study also found that 1Password, another popular password manager, is vulnerable to both item-level vault encryption and sharing attacks. However, 1Password has opted to treat them as arising from already known architectural limitations.
[Figure: Summary of attacks (BW stands for Bitwarden, LP for LastPass, and DL…]