Critical Security Flaws Found in Leading Password Managers Bitwarden, Dashlane, LastPass; Over 60M Users Affected

Critical Vulnerabilities Exposed in Leading Cloud-Based Password Managers

A recent study has unveiled significant security vulnerabilities in several prominent cloud-based password managers, including Bitwarden, Dashlane, and LastPass. Conducted by researchers Matteo Scarlata, Giovanni Torrisi, Matilda Backendal, and Kenneth G. Paterson from ETH Zurich and Università della Svizzera italiana, the study identifies 25 distinct password recovery attacks that could potentially compromise user data.

The researchers highlight that these attacks vary in severity, ranging from integrity violations to the complete compromise of all vaults within an organization. The majority of these vulnerabilities could allow unauthorized recovery of passwords, posing a significant risk to users.

Understanding Zero-Knowledge Encryption (ZKE):

The study focuses on evaluating the zero-knowledge encryption (ZKE) implementations of these password managers. ZKE is a cryptographic method that enables one party to prove knowledge of a secret to another party without revealing the secret itself. This technique is distinct from end-to-end encryption (E2EE), which secures data during transmission. ZKE is primarily concerned with storing data in an encrypted format accessible only to individuals possessing the decryption key. Password managers employ ZKE to enhance user privacy and security, ensuring that vault data remains untampered.

Identified Vulnerabilities:

The research uncovered 12 unique attacks against Bitwarden, seven against LastPass, and six against Dashlane. These vulnerabilities range from integrity violations of individual user vaults to the total compromise of all vaults associated with an organization. Collectively, these password management solutions serve over 60 million users and nearly 125,000 businesses, amplifying the potential impact of these security flaws.

The researchers noted several common design anti-patterns and cryptographic misconceptions that led to these vulnerabilities. The attacks are categorized into four main types:

1. Key Escrow Exploitation: This involves leveraging the account recovery mechanisms to compromise the confidentiality guarantees of Bitwarden and LastPass. Vulnerabilities in their key escrow designs allow attackers to recover passwords without proper authorization.

2. Flawed Item-Level Encryption: Because data items and sensitive user settings are encrypted as separate objects, often alongside unencrypted or unauthenticated metadata, attackers can cause integrity violations, metadata leakage, field swapping, and key derivation function (KDF) downgrades.

3. Sharing Feature Exploitation: Attackers can exploit sharing features to compromise the integrity and confidentiality of vaults, potentially gaining unauthorized access to shared data.

4. Backward Compatibility Attacks: Maintaining compatibility with legacy code can result in downgrade attacks, particularly affecting Bitwarden and Dashlane, where older, less secure encryption methods may be exploited.
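As an added illustration of the second category (not code from the paper or from any of the products named above), the following Python compares the weak pattern, where each field of a vault item is encrypted on its own with no metadata authenticated, against the hardened pattern, where the item id and field name are bound into the authentication tag. It uses an HMAC-based encrypt-then-MAC construction from the standard library as a stand-in for a real AEAD such as AES-GCM; the master password, salt, iteration count, item id and field values are constructed sample data.

```python
import hashlib
import hmac
import secrets

def derive_keys(master_password: bytes, salt: bytes = b"example-salt", iterations: int = 100_000):
    """PBKDF2 root key split into an encryption key and a MAC key (sample parameters, constructed)."""
    root = hashlib.pbkdf2_hmac("sha256", master_password, salt, iterations, dklen=32)
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 as a counter-mode PRF, a stdlib stand-in for AES-CTR."""
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC; the tag covers the associated data (aad), the nonce and the ciphertext."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes, aad: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def field_aad(item_id: str, field: str, bind_metadata: bool) -> bytes:
    """Weak pattern: empty aad, so item id and field name are unauthenticated.
    Hardened pattern: both are bound into the tag, so a blob only opens in its own slot."""
    return f"{item_id}|{field}".encode() if bind_metadata else b""

def encrypt_item(keys, item_id: str, fields: dict, bind_metadata: bool) -> dict:
    return {f: seal(*keys, v.encode(), field_aad(item_id, f, bind_metadata)) for f, v in fields.items()}

def decrypt_item(keys, item_id: str, blobs: dict, bind_metadata: bool) -> dict:
    return {f: unseal(*keys, b, field_aad(item_id, f, bind_metadata)).decode() for f, b in blobs.items()}

def swapped_item_accepted(bind_metadata: bool) -> bool:
    """Storage swaps the two ciphertexts of one item; returns whether the client still accepts it."""
    keys = derive_keys(b"correct horse battery staple")
    blobs = encrypt_item(keys, "item-42", {"username": "alice@example.test", "password": "s3cret"}, bind_metadata)
    tampered = {"username": blobs["password"], "password": blobs["username"]}
    try:
        decrypt_item(keys, "item-42", tampered, bind_metadata)
        return True
    except ValueError:
        return False
```

With `bind_metadata=False` the swapped item decrypts cleanly and the client cannot tell the fields were exchanged; with `bind_metadata=True` the tag check fails, which is the kind of cryptographic binding of items, fields and metadata the categories above call for.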

Implications for 1Password:

The study also identified vulnerabilities in 1Password related to item-level vault encryption and sharing features. However, 1Password has classified these issues as stemming from known architectural limitations. Jacob DePriest, Chief Information Security Officer and Chief Information Officer at 1Password, stated that their security team reviewed the findings and found no new attack vectors beyond those already documented in their publicly available Security Design White Paper.

DePriest emphasized 1Password’s commitment to continually strengthening their security architecture and evaluating it against advanced threat models, including malicious-server scenarios like those described in the research. He highlighted the use of Secure Remote Password (SRP) for user authentication without transmitting encryption keys to servers, mitigating entire classes of server-side attacks. Additionally, 1Password has introduced new capabilities for enterprise-managed credentials, designed to withstand sophisticated threats.

Responses from Bitwarden, Dashlane, and LastPass:

In response to the study’s findings, Bitwarden, Dashlane, and LastPass have implemented measures to mitigate the identified risks. LastPass plans to enhance its admin password reset and sharing workflows to counter threats posed by malicious intermediaries. There is currently no evidence that these vulnerabilities have been exploited in the wild.

Dashlane addressed an issue where a successful server compromise could have allowed a downgrade of the encryption model used to generate encryption keys and protect user vaults. This vulnerability was fixed by removing support for legacy cryptography methods with the release of Dashlane Extension version 6.2544.1 in November 2025.

Bitwarden stated that all identified issues are being addressed, with seven already resolved or in active remediation. The remaining three issues have been accepted as intentional design decisions necessary for product functionality.

LastPass is actively working to add stronger integrity guarantees to better cryptographically bind items, fields, and metadata, thereby enhancing integrity assurance.

Conclusion:

This study underscores the critical importance of robust security measures in password management solutions. Users are advised to stay informed about updates from their password manager providers and apply recommended security practices to safeguard their sensitive information.