The purpose of password managers is to safeguard our login credentials and online accounts. However, a popular password manager recently made headlines for its major security flaw. Bitwarden is under scrutiny because its autofill feature gives hackers easy access to sensitive information. The company has known about the vulnerability for years but left the issue unaddressed.
If your company uses Bitwarden, here's everything you need to know about the issue. That way, you can take the necessary steps to secure your login credentials and other private data.
Why Is Bitwarden's Iframe Flaw Dangerous?
Cyber security firm Flashpoint recently discovered something unusual about Bitwarden. The password manager's browser extension auto-fills all forms, including those within an iframe.
Why is that dangerous? Inline frames, or iframes, host third-party content on a parent page. They are usually for advertisements, interactive content, and embedded videos. Unfortunately, hackers can also use them to steal sensitive information. They can place a login form in the iframe, wait for inputs, and send the data to a remote router.
That is why Bitwarden's auto-fill feature for iframes is problematic. It is essentially serving login credentials to hackers on a silver platter. The good news is that Flashpoint hasn't found many websites that place iframes on their login page.
Why the Vulnerability Issue Remains
After discovering the security flaw, Flashpoint notified Bitwarden. In response, Bitwarden sent a Security Assessment Report dated Nov. 8, 2018. That meant the company was aware of the problem. The document describes the iframe issue and why the company decided not to fix it.
These are the reasons for not addressing it:
Users should be able to log in to all websites, even those with embedded iframes.
If there’s a malicious iframe embedded on a site, it’s safe to assume that data has already been compromised even without Bitwarden’s inputs.
Bitwarden doesn’t autofill login credentials without users’ consent. Users can always turn the feature off.
To encourage Bitwarden to tighten its security, Flashpoint explained various attack vectors that hackers could use to steal information. Bitwarden has decided to retain its iframe functionality but agreed to exclude the hosting environments the cyber security firm discussed. To prevent exploitation, Bitwarden users can disable the "auto-fill on page" feature.
Business owners must exercise due diligence in choosing security tools and platforms. You may not realize that the services that promise to protect data can be the first entry point for hackers. Lack of research and foresight can ruin your brand's reputation, cost you millions and break your customers' trust.
If this tip helps and you would like to donate click on the button. Thanks In Advance
________________________________________________________________________________________________________
"Fortune Favors, Who Value Time over Money!"
"TeQ I.Q. was the 1st IT Company to Deliver Cloud Solutions since 2003"
Tech issues taking up your Time?
"TeQ I.Q. Makes Your Technology Secure and Protected"
Do you have Tech Frustrations like your Computer, Internet, Phone, Cellphone, Camera, TV, Car?
"Afraid of Online Hacking?"
"SECURE your Internet and Devices with before it's too late!"
For more info go to https://www.teqiq.com/vpn/
"We Take Away Your Tech Frustrations and Give You the Free Time You Deserve!"
Call Robert to ask all your Technology questions.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!