3 points by proque 13 hours ago | 3 comments
  • uf00lme 12 hours ago
    I would be more impressed if they found issues in the Apple password service or 1Password. You always have to assume that no software is completely secure, but personally I only trust those two, especially after the LastPass hack https://blog.lastpass.com/posts/security-incident-update-rec...
    • commandersaki 3 hours ago
      They did find a pretty gaping vulnerability for 1Password but AgileBits (the creator of 1P) already knew about it.

      It's called a vault substitution attack, and it allows a malicious server to replace contents of a shared vault but also learn of any new items entered into that shared vault. The fix is pretty trivial from a cryptography perspective but it would require probably significant change in 1P applications and architecture/protocols.

  • replooda 13 hours ago
    Brief article: Vulnerabilities were found — in Bitwarden, Dashlane, LastPass — and the researchers gave each company 90 days to fix them before they're made public.