this post was submitted on 03 Jan 2024
12 points (100.0% liked)


Bitwarden Heist - How to Break into Password Vaults Without Using Passwords::Sometimes, making particular security design decisions can have unexpected consequences. For security-critical software, such as password managers, this can easily lead to catastrophic failure: In this blog post, we show how Bitwarden’s Windows Hello …

[email protected] 4 points 10 months ago

This is a great write-up. I was expecting some gotcha, but step-by-step it all makes sense. Many layers of this onion.

"activating biometric login on Windows means that the derived key is encrypted locally using a secret which can be retrieved after authentication via Windows Hello." ...