A Flaw in Bitwarden Autofill Feature Endangers User Credentials

GAGANDEEP SINGH 10-March-2023

[{"selector":"#anim-f1b5ff29-cada-4f37-bafa-c53fdf8baaf3","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-a9fc9812-bf34-4ce8-a4e3-664f6c760296","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-5f8debec-4b77-43b1-bf1a-4d89cec43c6a [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-31.235351448636845%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] Security Analysts discovered a flaw with the Bitwarden credentials autofill feature.

[{"selector":"#anim-3ea42dd6-4ad3-4514-9c7a-67758b61b050","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-bc07e369-3719-4cbb-b40a-3c1f3539e7a6","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7cbe704a-f104-4bb2-8575-9e2cd8f81f96 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] Bitwarden is a freemium password management service with an extension for web browsers that hold.

[{"selector":"#anim-0fdf07a1-3d9f-4cf6-83d8-3143588f792b","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-35d18bdc-037b-4c23-b2fb-35dcb7ad8f20","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-9e9a3b34-ec3c-4f64-ac91-fbf49529ae58 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(31.249999886225726%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] The autofill feature holds a dangerous behavior that could allow malicious iframe into the website.

[{"selector":"#anim-9da023ae-3ad0-49c4-9bb8-d5de34475b31","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-d2db2179-4ac7-48b7-8442-ffe71969ec91","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] Although the iframe cannot access the content on the main page and can wait to log in forms.

[{"selector":"#anim-55b5f920-3765-4867-b521-b14d07f251c9","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ad13e920-2ad5-4a5b-844a-b144562377d2","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ab9a3860-9651-4ae2-86c8-75275a717999 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-12.514648210040342%, 0, 0)","translate3d(0%, 0, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"both"}] There’s still a second issue that the security firm found while investigating the iframe issue.

[{"selector":"#anim-04d48561-f94b-404a-b1f3-cc67d1f9aeee","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-ff5a83a7-9216-40d3-a669-a4594427a44f","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-6297ea2e-1ae9-4f63-bb03-b9c1033002f7 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] Bitwarden, also autofill the credentials on the sub-websites of the main website matching the login.

[{"selector":"#anim-76752880-769e-4279-bde8-b0eca18978d4","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-697e13de-c7ae-4aaf-9925-47703ceffc9a","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-7c4aa30b-01f6-4d15-9521-5430e846ca80 [data-leaf-element=\"true\"]","keyframes":{"transform":["translate3d(-12.514648210040342%, 0, 0) translate(-25%, 0%) scale(1.5)","translate3d(0%, 0, 0) translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"fill":"forwards"}] Some content hosting allows hosting arbitrary content under a subdomain of their official domain.

[{"selector":"#anim-b6af4ee3-fb43-48f2-8ff8-eee7ef0645c9","keyframes":{"opacity":[0,1]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-c8ae8f64-e7ef-4b88-848f-fb332a65f930","keyframes":{"transform":["translate3d(-121.875%, 0px, 0)","translate3d(0px, 0px, 0)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(0.2, 0.6, 0.0, 1)","fill":"both"}] [{"selector":"#anim-f801c4d8-e5f9-4e65-ba2a-68c32c2a0aed [data-leaf-element=\"true\"]","keyframes":{"transform":["translate(0%, 0%) scale(1.5)","translate(0%, 0%) scale(1)"]},"delay":0,"duration":2000,"easing":"cubic-bezier(.3,0,.55,1)","fill":"forwards"}] Now, the flaw has been brought to the notice of the company by the security analysts.

A Flaw in Bitwarden Autofill Feature Endangers User Credentials

Read the full story here.