
25 Vulnerabilities in Cloud Password Managers Allow Unauthorized Access and Modifications

Researchers from ETH Zurich have uncovered 25 serious vulnerabilities in three leading cloud-based password managers: Bitwarden, LastPass, and Dashlane.

These flaws enable a malicious server to bypass zero-knowledge encryption claims, allowing unauthorized access, modification, and recovery of users’ stored passwords and vault data.

Bitwarden, LastPass, and Dashlane collectively serve over 60 million users and hold significant market share. The analysis targets their client-server interactions under a fully malicious server threat model, where servers deviate arbitrarily from protocols.

Vendors advertise “zero-knowledge encryption,” implying servers cannot access plaintext vaults even if compromised, but the researchers demonstrate repeated failures in confidentiality and integrity protections.

The 25 attacks span four categories: key escrow mechanisms, item-level vault encryption flaws, sharing features, and backwards compatibility issues.

Key Escrow Attacks

These attacks target account recovery and SSO login mechanisms and yield full vault compromise through keys the client never authenticates. Bitwarden's BW01-BW03 achieve malicious auto-enrollment, key rotation, and Key Connector (KC) conversion through key substitution, each triggered by a single client action: joining an organization, rotating keys, or accepting a dialog. LastPass's LP01 exploits the password reset flow in the same way.

Item-Level Encryption Flaws

Flawed per-item encryption leads to integrity violations, metadata leaks, field swapping, and KDF downgrades. Bitwarden's BW04-BW07 expose unprotected metadata, let the server swap fields, trick the client into decrypting icon URLs, and strip KDF iteration counts to make brute force cheap. LastPass's LP02-LP06 and Dashlane's DL01 yield malleable vaults and replay attacks because of unauthenticated AES-CBC and missing bindings between a ciphertext and the item or field it belongs to.

Sharing Feature Exploits

Unauthenticated public keys let the server compromise organizations and shared vaults. Bitwarden's BW08-BW09 inject users into or overwrite organizations; LastPass's LP07 and Dashlane's DL02 overwrite sharing keys when a user joins a shared vault. The impact scales to team-wide access.

Backwards Compatibility Issues

Legacy code support lets the server downgrade clients to insecure modes such as unauthenticated CBC. Bitwarden's BW10-BW12 disable protections and overwrite keys; Dashlane's DL03-DL06 enable injections, KDF removal, and the "Lucky 64" attack after on the order of a hundred syncs. Dashlane patched these via extension 6.2544.1.

In Bitwarden, 12 attacks include malicious auto-enrollment (BW01), where unauthenticated organization public keys allow key substitution and full vault compromise upon joining any group.

LastPass faces seven issues, such as lacking ciphertext integrity with AES-CBC (LP05), enabling malleable vaults, and field swapping. Dashlane has six vulnerabilities, like transaction replay (DL01) due to shared keys across transactions, violating vault integrity.

Table: the 25 attacks by reference, cause, impact and client interaction required (rows follow the four categories above; – = no client interaction required).

Attack Ref  Product    Cause                               Impact                     Client Interaction
BW01        Bitwarden  Lack of Key Auth, Key Substitution  Full vault compromise      1 join
BW02        Bitwarden  Key Substitution                    Full vault compromise      1 rotation
BW03        Bitwarden  Lack of Key Auth, Key Substitution  Full vault compromise      1 dialog
LP01        LastPass   Lack of Key Auth                    Full vault compromise      1 login
BW04        Bitwarden  Lack of Auth Enc                    Read/modify metadata       –
BW05        Bitwarden  Lack of Key Sep                     Field/item swapping        –
BW06        Bitwarden  Lack of Key Sep                     Loss of confidentiality    1 open
BW07        Bitwarden  Lack of Auth Enc                    No brute-force protection  1 login
LP02        LastPass   Lack of Auth Enc                    Field/item swapping        –
LP03        LastPass   Lack of Key Sep                     Loss of confidentiality    1 open
LP04        LastPass   Lack of Auth Enc                    No brute-force protection  1 login
LP05        LastPass   Lack of Auth Enc                    Loss of vault integrity    –
DL01        Dashlane   Lack of Key Sep                     Loss of vault integrity    –
BW08        Bitwarden  Lack of Key Auth                    Add users to orgs          1 sync
BW09        Bitwarden  Lack of Key Auth, Key Substitution  Org compromise             1 join
LP07        LastPass   Lack of Key Auth                    Shared vault compromise    1 join
DL02        Dashlane   Lack of Key Auth                    Shared vault compromise    1 join
BW10        Bitwarden  Lack of Auth Enc                    Downgrade key hierarchy    –
BW11        Bitwarden  CBC Support                         Loss of confidentiality    2 logins
BW12        Bitwarden  CBC Support                         Full vault compromise      2 logins
DL03        Dashlane   CBC Support                         Loss of vault integrity    104 syncs
DL04        Dashlane   CBC Support                         No brute-force protection  104 syncs
DL05        Dashlane   CBC Support                         Loss of confidentiality    105 syncs
DL06        Dashlane   CBC Support                         No brute-force protection  104 syncs
LP06        LastPass   Lack of Auth Enc                    Read/modify metadata       –

Many attacks require minimal interaction, such as a single login or sync, and exploit three recurring root causes: unauthenticated public keys, missing key separation, and legacy AES-CBC support. For instance, the icon URL decryption leaks (BW06, LP03) reveal passwords through requests the client itself issues, and the KDF iteration downgrades (BW07, LP04) accelerate brute force by up to 300,000x.

[Figure: Attack Hierarchies]

Researchers disclosed findings responsibly: Bitwarden on January 27, 2025; LastPass on June 4, 2025; Dashlane on August 29, 2025, with 90-day remediation windows.

Bitwarden has shipped fixes for several of the attacks, including a minimum KDF iteration count and removal of CBC support; LastPass addressed LP03; Dashlane mitigated some of the CBC issues. The paper's recommended mitigations are authenticated encryption (AE), full key separation (KS), public key authentication (PKA), and ciphertext signing (SC).

Users should update their clients, enable per-item keys where available, and follow vendor advisories. The study urges formal security models for password managers akin to those developed for E2EE cloud storage. Self-hosted deployments are not immune: the same attacks apply if the self-hosted server is compromised.

The post 25 Vulnerabilities in Cloud Password Managers Allow Unauthorized Access and Modifications appeared first on Cyber Security News.

Source: cybersecuritynews.com