3 points by mlegner 8 hours ago | 1 comment
  • mlegner 8 hours ago
    Researchers at ETH Zurich have analyzed security properties of popular cloud-based password managers. The linked page gives an overview of the work and links to the related research paper. Full title (had to shorten it for HN): "Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers"

    Overview from the linked page:

    "Cloud-based password managers help users store and manage their credentials by encrypting them into a vault protected by a single master password. Leading vendors market this as Zero Knowledge Encryption, conveying the idea that the server storing the vault cannot learn anything about its contents – even if the server is compromised.

    We put this to the test. Analysing the three leading password managers that make the Zero Knowledge Encryption claim – Bitwarden, LastPass, and Dashlane, collectively serving over 60 million users and holding approximately 23% market share – plus an additional analysis of 1Password, we find 27 distinct attacks that a malicious server can mount against their users. The attacks range in severity from integrity violations to the complete compromise of all vaults in an organisation. The majority of the attacks allow the recovery of passwords."