A team of security researchers from ETH Zurich in Switzerland has analyzed popular password managers and identified ways in which threat actors could compromise users’ vaults and access sensitive data.
However, the researchers did not test the password managers against external or client-side attacks. Instead, they targeted zero-knowledge encryption, a security model in which the service provider cannot access the user’s encrypted data, and the data is meant to remain protected even if the provider’s servers are compromised.
As such, the ETH Zurich researchers conducted an analysis of popular cloud-based password managers under the assumption that the servers storing user vaults are “fully malicious”.
The researchers targeted password managers from Bitwarden, Dashlane, LastPass, and 1Password, each having millions of users and overall accounting for a significant share of the market. Although 1Password was included in the research, the analysis focused on the other password managers.
Several types of attacks were conducted against each of the tested password managers to degrade security guarantees, undermine expected protections, and fully compromise user accounts.
The experts targeted features used for account recovery and SSO login, as well as features designed for backward compatibility. They conducted attacks leveraging improper vault integrity and attacks enabled by sharing features, which allow families or businesses to use the same credentials.
For each of the tested password managers, the researchers managed to achieve vault compromise, including full vault compromise for Bitwarden and LastPass, and shared vault compromise for Dashlane.
They demonstrated that in many cases an attacker could not only view users’ credentials but also modify them.
Password managers respond
Some of the vendors pointed out that the attack methods identified by the researchers require full compromise of a password manager’s servers and advanced skills to conduct cryptographic attacks.
Dashlane told SecurityWeek that some of the findings require “either specific circumstances and/or an extremely significant window of time”.
The vendors have been notified and rolled out patches and mitigations for many of the vulnerabilities, but pointed out that some issues are difficult to address.
“When users share items, symmetric keys are encrypted with the recipient’s public keys. As with most server‑mediated end-to-end encrypted (E2EE) systems, this creates a structural dependency on the authenticity of the public key directory,” Dashlane’s Frederic Rivain explained in a blog post.
“If an attacker were able to substitute the user’s public key with their own, the attacker could gain access to the contents of shared items encrypted with the malicious public key.” Rivain added, “This is a known, industry‑wide challenge.”
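The dependency Rivain describes above is the client trusting whatever public key the server's directory returns. The usual client-side mitigation is to pin a recipient key fingerprint the user has confirmed out of band and refuse to share when the directory's answer no longer matches. The following is an added Python example written for this article; it is not Dashlane's code or the ETH Zurich researchers' code, and the user names, key bytes and directory class are constructed stand-ins for real public-key material.

```python
import hashlib

# Constructed sample "public keys": opaque bytes standing in for the recipient's
# real asymmetric key. The check below depends only on their fingerprints.
ALICE_PUBKEY = b"-----CONSTRUCTED PUBLIC KEY: alice-----"
MALLORY_PUBKEY = b"-----CONSTRUCTED PUBLIC KEY: mallory-----"


def fingerprint(pubkey: bytes) -> str:
    """SHA-256 fingerprint of a public key: the value two users compare out of band."""
    return hashlib.sha256(pubkey).hexdigest()


class KeyDirectory:
    """Server-side public key directory. A malicious server can answer with any key."""

    def __init__(self):
        self._keys = {}

    def publish(self, user: str, pubkey: bytes) -> None:
        self._keys[user] = pubkey

    def lookup(self, user: str) -> bytes:
        return self._keys[user]


class SharingClient:
    """Client that only encrypts a shared item to a recipient key whose fingerprint
    the user has verified over a channel the server does not control."""

    def __init__(self, directory: KeyDirectory):
        self.directory = directory
        self.pins = {}  # recipient -> verified fingerprint

    def verify_recipient(self, user: str, confirmed_fp: str) -> None:
        """Pin a fingerprint confirmed out of band (repeat after a legitimate key rotation)."""
        self.pins[user] = confirmed_fp

    def check_recipient(self, user: str) -> str:
        """Compare the directory's answer with the pin: 'ok', 'unverified' or 'substituted'."""
        served_fp = fingerprint(self.directory.lookup(user))
        pinned = self.pins.get(user)
        if pinned is None:
            return "unverified"
        return "ok" if pinned == served_fp else "substituted"

    def select_share_key(self, user: str) -> bytes:
        """Return the key to wrap the item's symmetric key with, or refuse to share."""
        status = self.check_recipient(user)
        if status != "ok":
            raise ValueError(f"refusing to share with {user}: recipient key {status}")
        return self.directory.lookup(user)
```

A client that pins on first use without any confirmation still trusts the directory for that first answer, which is why the example requires an explicit verification step before sharing.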
Bitwarden noted that of the 10 issues reported by the researchers — each rated as having medium or low impact — seven have been or are in the process of being addressed. However, three of the flaws “have been accepted as intentional design decisions necessary for product functionality”.
LastPass told SecurityWeek that it appreciates the research but also suggested that it disagrees with some of the researchers’ assessments.
“While our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zurich team, we take all reported security findings seriously. We have already implemented multiple near‑term hardening measures while also establishing plans to remediate or reinforce the relevant components of our service on a timeline commensurate with the assessed risk,” a spokesperson stated.
1Password was also analyzed, and the researchers managed to achieve full compromise of vault confidentiality and integrity, allowing an attacker to obtain passwords and other sensitive data stored in the vault, as well as to add items to it.
However, Jacob DePriest, CISO and CIO of 1Password, told SecurityWeek that the attack vectors identified by the researchers had already been documented in the company’s publicly available Security Design White Paper.
“We are committed to continually strengthening our security architecture and evaluating it against advanced threat models, including malicious-server scenarios like those described in the research, and evolving it over time to maintain the protections our users rely on,” DePriest said.
He added, “For example, 1Password uses Secure Remote Password (SRP) to authenticate users without transmitting encryption keys to our servers, helping mitigate entire classes of server-side attacks. More recently, we introduced a new capability for enterprise-managed credentials, which from the start are created and secured to withstand sophisticated threats.”